Composition of DES_CBC_SHA

Ren Yanyu robinren03 at
Sun Mar 19 15:09:47 UTC 2023

Hi all,

I was trying to reproduce POODLE attack using OpenSSL 0.9.8 (though it is not a version-specific question) with designated ciphersuite DES_CBC_SHA. To be more specific, I use SSLv3.

I use SSL_write(ssl, buf, len)​ to send the data to a memory BIO and read the encrypted message. For example, one of the message reads:

17 03 00 00 18 ab d0 3c ae 20 f5 f8 ad dd 92 06 83 32 bd fa 6a 02 44 5d ec 7b 6d 0c 2b 17 03 00 00 28 66 45 37 06 e6 86 3e d2 cc 77 c1 0b 45 dd 96 0c c3 7c 23 8e ea 72 fa a6 f0 67 74 28 38 ae 37 23 92 b8 07 96 ce 0f d3 ea

As someone might notice, the message is of 74-bytes with a 5-byte SSL head, which means the application data is 69-byte. But the block size of DES is 8-byte and 69 is not evenly divisible by 8.

Furthore more, I notice that if len=10 or 11, the length of ciphertext will be 66; if len=12 or 13, the length of ciphertext will turn to 74 correspondingly.   As the length of ciphertext should change only when len is divisible by 8. That makes me really confused.

I would greatly appreciate it if you coule explain to me how the ciphertext is composed of.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list