[openssl-users] Authentication over ECDHE

Viktor Dukhovni openssl-users at dukhovni.org
Fri Dec 28 17:48:58 UTC 2018



> On Dec 28, 2018, at 6:17 AM, Christian <c.wehrmeyer at freshlions.de> wrote:
> 
> BIO_set_fd with 4|1                     #Socket 4, BIO_CLOSE
> SSL_set_accept_state
> SSL_accept
> SSL_accept failed, SSL_get_error: 1     #SSL_ERROR_SSL
> 140059505588032:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:../ssl/record/ssl3_record.c:375:
> SSL_shutdown
> SSL_clear

1.  Don't call SSL_shutdown(); rather, just call SSL_free() and close the
    socket using close(). IIRC, SSL_set_fd() (you should not need to use
    BIO_set_fd) leaves you as the owner of the socket to close or not.

2.  DO NOT reuse the same SSL handle for multiple connections; create a
    new one for subsequent connections, but you can and generally should
    reuse the SSL_CTX.

-- 
	Viktor.


