Thread: Malformed TLS packet when connecting using Indy


nilesh shinde

Posts: 47
Registered: 10/5/13
Malformed TLS packet when connecting using Indy  
  Posted: Nov 19, 2014 1:45 AM
Hi,

I am using the Indy TCP client in my application (Indy ver 19.0.14356.6604) and trying to connect to my server using 'TIdTcpClient' with SSL enabled. I am using the 'TIdSSLIOHandlerSocketOpenSSL' handler. In our test lab this connection worked in most cases. But in one scenario, on two client machines, we are seeing errors in TLS packets. In the Wireshark traces we are seeing an 'Application Data,Ignored Unknown Record' error, where the TLS payload is malformed. See the byte stream below.

0000 b4 75 0e 4d 96 f3 50 e5 49 9c 8e 1f 08 00 45 00 .u.M..P.I.....E.
0010 00 92 59 62 40 00 80 06 12 3b 4d 51 7a 0e 4d 51 ..Yb@....;MQz.MQ
0020 7a 18 cf 12 01 bb 65 c5 8a 80 89 ae 59 b8 50 18 z.....e.....Y.P.
0030 00 ff 8f 4d 00 00 17 03 01 00 30 91 71 8a d5 8b ...M......0.q...
0040 c6 0e bb 96 11 d8 c2 d9 e1 ac dc af 1d 8b 56 0c ..............V.
0050 2a c8 28 06 8e ac 58 83 4a ab 6c 35 19 f6 00 40 *.(...X.J.l5...@
0060 b9 11 18 6f e8 80 51 50 d9 58 4c ef 4b ac ad f5 ...o..QP.XL.K...
0070 95 5d e1 89 fc bd 20 2b a0 12 03 e6 a4 b2 07 d8 .].... +........
0080 8d 1c b3 ab b0 16 ac 63 07 88 c9 24 6c 56 f8 57 .......c...$lV.W
0090 c2 5a 1f 56 ff 6b de ab cb 2e ec 96 e9 b1 fb 26 .Z.V.k.........&

In the above stream, on line number 7 you can see the TLS application encrypted data ending with bytes "d9 58 4c". After that there are the following (53 bytes) “0xef 4b ac ad f5 …b1 fb 26”. This appears to be tagged on without any header information, or maybe it is just garbage. And this is causing our server application to crash.

I need help to understand what these additional 53 bytes are, and why they are appearing on specific machines.

Thanks,
Nilesh
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Malformed TLS packet when connecting using Indy  
  Posted: Nov 19, 2014 10:53 AM   in response to: nilesh shinde
nilesh wrote:

But in one scenario, on two client machine we are seeing errors in
TLS packets. With the WireShark traces we are seeing 'Application
Data,Ignored Unknown Record' error, where TLS payload is malformed.
see below byte stream.

Make sure you are using the latest version of Wireshark. I just ran into
an issue yesterday where I was using a slightly older Wireshark and it could
not open 2 perfectly valid capture files because it thought there were corrupted
packets when there really was not. The latest version did not have that
problem.

--
Remy Lebeau (TeamB)
nilesh shinde

Posts: 47
Registered: 10/5/13
Re: Malformed TLS packet when connecting using Indy  
  Posted: Nov 19, 2014 10:29 PM   in response to: Remy Lebeau (Te...
I tried with WireShark 1.12.2. And still same issue. It shows 'Application
Data,Ignored Unknown Record' error for some TLS packets.

~Nilesh
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Malformed TLS packet when connecting using Indy  
  Posted: Nov 20, 2014 6:05 PM   in response to: nilesh shinde
nilesh wrote:

I tried with WireShark 1.12.2. And still same issue. It shows
'Application Data,Ignored Unknown Record' error for some TLS
packets.

Maybe Wireshark simply does not support the latest TLS specs? Did you try
analyzing the "malformed" data manually and compare it to the specs to see
if it is really malformed or not?

--
Remy Lebeau (TeamB)
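
The manual check suggested in the last reply, as an added example that is not part of any post in the thread: it strips the Ethernet, IPv4 and TCP headers from the frame in the first post and walks the TLS record layer, stopping at the first header that does not match the record format. The function names are hypothetical, and the code assumes the segment starts on a record boundary, as this one does.

```python
import struct

# Frame bytes copied from the hex dump in the first post (160 bytes).
FRAME = bytes.fromhex("""
b4 75 0e 4d 96 f3 50 e5 49 9c 8e 1f 08 00 45 00
00 92 59 62 40 00 80 06 12 3b 4d 51 7a 0e 4d 51
7a 18 cf 12 01 bb 65 c5 8a 80 89 ae 59 b8 50 18
00 ff 8f 4d 00 00 17 03 01 00 30 91 71 8a d5 8b
c6 0e bb 96 11 d8 c2 d9 e1 ac dc af 1d 8b 56 0c
2a c8 28 06 8e ac 58 83 4a ab 6c 35 19 f6 00 40
b9 11 18 6f e8 80 51 50 d9 58 4c ef 4b ac ad f5
95 5d e1 89 fc bd 20 2b a0 12 03 e6 a4 b2 07 d8
8d 1c b3 ab b0 16 ac 63 07 88 c9 24 6c 56 f8 57
c2 5a 1f 56 ff 6b de ab cb 2e ec 96 e9 b1 fb 26
""")

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def tcp_payload(frame):
    """Strip Ethernet II, IPv4 and TCP headers; return the TCP payload."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length
    total_len = struct.unpack("!H", ip[2:4])[0]   # drops any Ethernet padding
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    return tcp[(tcp[12] >> 4) * 4:]               # skip TCP header and options

def walk_records(payload):
    """Return (records, leftover): parsed TLS records and bytes that do not parse."""
    records, pos = [], 0
    while pos + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack("!BBBH", payload[pos:pos + 5])
        # Record header checks: known content type, version 3.x,
        # ciphertext length at most 2^14 + 2048.
        if ctype not in CONTENT_TYPES or major != 3 or length > 16384 + 2048:
            break
        if pos + 5 + length > len(payload):
            break  # record continues in the next TCP segment
        records.append((CONTENT_TYPES[ctype], (major, minor), length))
        pos += 5 + length
    return records, payload[pos:]

if __name__ == "__main__":
    recs, rest = walk_records(tcp_payload(FRAME))
    print(recs, len(rest), rest[:5].hex(" "))
```

On this frame it reports one 48-byte application_data record with version 3.1 (TLS 1.0), followed by 53 bytes whose first byte, 0xef, is not a defined record content type.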