Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
262 views
in Technique [Technology] by (71.8m points)

java - JSSE wrap creates two tls packets requiring two unwraps. Why?

I am inspecting the behavior of our java application with respect to jsse tls encryption and decryption with a connected openssl client.

First I observed that when I call unwrap for client data, it always unwraps consuming 37 bytes and producing 0. The next unwrap consumes some bytes and produces some.

At first I thought the client would wrap an empty array first. But then I discovered that the jsse code does the same, except it produces 1 byte instead of 0.

So every call to a wrap consumes X bytes and produces Y bytes but requires TWO unwraps while the first one consumes 37 bytes and produces 1 byte and the second one consumes Y-37 bytes and produces X-1 bytes.

While openssl and jsse are doing nearly the same, I expect that to be correct. However, I would like to know why that happens. I don't see a reason for that and it takes additional resources...?

He who fights with dragons for too long becomes a dragon himself; gaze into the abyss for too long, and the abyss will gaze back…

1 Answer

0 votes
by (71.8m points)

What you're seeing is two slightly different ways of mitigating the BEAST attack. One way of doing this is to use an empty fragment as it's done with OpenSSL. The JSSE does something similar by sending 1 byte of data and the rest separately.

Here are a few links that may be of interest:
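
Why the first record is 37 bytes for both peers, as an added example that is not part of the original answer: it computes TLS 1.0 CBC record sizes for the 1/n-1 split (JSSE) and the empty-fragment split (OpenSSL), then walks the resulting stream record by record. The cipher parameters (AES-CBC with HMAC-SHA1, minimum padding) and the 100-byte payload are assumptions, not values from the page.

```python
# Added example: TLS 1.0 CBC record sizes under BEAST record splitting.
# Assumed cipher parameters (not stated on the page): AES-CBC, HMAC-SHA1.
import struct

HEADER_LEN = 5    # content type (1) + version (2) + length (2)
BLOCK_LEN = 16    # AES block size (assumption)
MAC_LEN = 20      # HMAC-SHA1 tag size (assumption)

def record_len(plaintext_len):
    """Wire size of one TLS 1.0 CBC record carrying plaintext_len bytes."""
    body = plaintext_len + MAC_LEN + 1     # +1 for the padding-length byte
    body += -body % BLOCK_LEN              # minimum padding up to a whole block
    return HEADER_LEN + body

def split(plaintext_len, first):
    """Plaintext sizes of the two records: first=1 (JSSE), first=0 (OpenSSL)."""
    return [first, plaintext_len - first]

def wire_records(plaintext_len, first):
    """Constructed byte stream for one wrap(): real headers, zero-filled bodies."""
    out = b""
    for n in split(plaintext_len, first):
        body_len = record_len(n) - HEADER_LEN
        # 23 = application_data, 0x0301 = TLS 1.0
        out += struct.pack("!BHH", 23, 0x0301, body_len) + bytes(body_len)
    return out

def parse_records(stream):
    """Walk the stream header by header; each record needs its own unwrap()."""
    sizes, pos = [], 0
    while pos < len(stream):
        _ctype, _version, body_len = struct.unpack_from("!BHH", stream, pos)
        sizes.append(HEADER_LEN + body_len)
        pos += HEADER_LEN + body_len
    return sizes

if __name__ == "__main__":
    for name, first in (("JSSE 1/n-1", 1), ("OpenSSL 0/n", 0)):
        print(name, parse_records(wire_records(100, first)))
```

With these parameters, a record carrying 0 or 1 byte of plaintext holds the 20-byte MAC plus padding in two cipher blocks, which with the 5-byte header gives the 37 bytes consumed by the first unwrap.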

