Re: Authentication over ECDHE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On Dec 28, 2018, at 6:17 AM, Christian <c.wehrmeyer@xxxxxxxxxxxxx> wrote:
> 
> BIO_set_fd with 4|1                     #Socket 4, BIO_CLOSE
> SSL_set_accept_state
> SSL_accept
> SSL_accept failed, SSL_get_error: 1     #SSL_ERROR_SSL
> 140059505588032:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:../ssl/record/ssl3_record.c:375:
> SSL_shutdown
> SSL_clear

1.  Don't call SSL_shutdown(), rather just call SSL_free() and close the
    socket using close(), IIRC SSL_set_fd() (you should not need to use
    BIO_set_fd) leaves you as the owner of the socket to close or not.

2.  DO NOT reuse the same SSL handle for multiple connections, create a
    new one for subsequent connections, but you can and generally should
    reuse the SSL_CTX.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux