[openssl-users] AES-GCM cipher in TLS

PS mytechlist at gmail.com
Thu Apr 5 04:12:43 UTC 2018

I am trying to decrypt TLS 1.2 records that is using the
TLS_AES_128_GCM_SHA256 cipher-suite using openssl's EVP API.

Per RFC 5246, decryption needs 4 inputs.

   In order to decrypt and verify, the cipher takes as input the key,
   nonce, the "additional_data", and the AEADEncrypted value.  The
   output is either the plaintext or an error indicating that the
   decryption failed.  There is no separate integrity check.  That is:

      TLSCompressed.fragment = AEAD-Decrypt(write_key, nonce,


But, in the AES-GCM decryption example on openssl wiki at
shows the decryption also takes as input the* tag *to be verified.

I know that the Authentication tag is the last 16 bytes of the TLS 1.2
record payload. But, my confusion is why the RFC has no mention of the
Authentication tag.

And so, to decrypt the TLS record, should I follow the example on openssl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180404/283337c5/attachment-0001.html>

More information about the openssl-users mailing list