问题
I am researching TLS1.0 recently. I establish a HTTPS server with self-signed certification and using openssl to connects the server. The cipher suite is RSA_AESCBC256_SHA. Then capture the TLS packages by using wireshark. When I capture an application record and then decrypt it. I've got the result like following screenshot.
I analyze the hex dump and categories them into 3, like the image below.
The red part is content, the green part is padding, and the blue part is MAC. The problem is the order is different from RFC2246 6.2.3.2 where MAC is prior to padding.
block-ciphered struct {
opaque content[TLSCompressed.length];
opaque MAC[CipherSpec.hash_size];
uint8 padding[GenericBlockCipher.padding_length];
uint8 padding_length;
} GenericBlockCipher
来源:https://stackoverflow.com/questions/60061051/tls1-0-block-ciphered-captured-from-wireshark-doesnt-match-document-rfc2246