Does it work with older Pikes? If so, can you store the data used (network traffic, private keys) and feed it to the old SSL module and see where it differs?
/ Martin Nilsson (saturator)
Previous text:
2004-03-11 22:42: Subject: Re: SSL problem
I updated to the latest CVS code, and the problem still seems to be around. However, I do have some more details:
Without fiddling with the cipher suites, the handshake selects IDEA as the bulk cipher with sha1 mac. It seems that the packet isn't getting decrypted, yielding a decrypted packet fragment of "". If I remove IDEA as a valid bulk cipher, the handshake selects RC4, and I no longer get an empty decoded packet, but the decode is gibberish.
It would seem to me that somewhere the key is incorrect or the data is getting shifted so that we're not decoding the same data that was encrypted.
While the code does work with the Pike ssl client and mozilla, there's definitely something fishy when it comes to other clients (I'm guessing that they're using something openssl derived at paypal).
Any thoughts?
Bill
/ hww3