[openssl-users] Authentication over ECDHE
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Dec 28 17:48:58 UTC 2018
> On Dec 28, 2018, at 6:17 AM, Christian <c.wehrmeyer at freshlions.de> wrote:
>
> BIO_set_fd with 4|1 #Socket 4, BIO_CLOSE
> SSL_set_accept_state
> SSL_accept
> SSL_accept failed, SSL_get_error: 1 #SSL_ERROR_SSL
> 140059505588032:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:../ssl/record/ssl3_record.c:375:
> SSL_shutdown
> SSL_clear

1. Don't call SSL_shutdown(); rather, just call SSL_free() and close the
   socket using close(). IIRC SSL_set_fd() (you should not need to use
   BIO_set_fd) leaves you as the owner of the socket to close or not.

2. DO NOT reuse the same SSL handle for multiple connections; create a
   new one for subsequent connections, but you can and generally should
   reuse the SSL_CTX.

--
Viktor.