session_09_vpn__ipsec__and_tls_101908


(secret, A(2) ║ seed) ║ HMAC_hash(secret, A(3) ║ seed) ║ ...

Where A() is defined as:
A(0) = seed
A(i) = HMAC_hash(secret, A(i-1))

• P_hash can be iterated as many times as is necessary to produce the required quantity of data. For example, if P_SHA-1 were being used to create 64 bytes of data, it would have to be iterated 4 times (through A(4)), creating 80 bytes of output data. The last 16 bytes of the final iteration would then be discarded, leaving 64 bytes of output data.
• SHA-1 output is 160 bits or 20 bytes.

VPN, IPSec and TLS

TLS Alert Protocol

• Alert messages convey information about the status of the connection.
• There are two types of alerts: Fatal and Warning.
  Fatal Alert: Indicates that the connection is so bad that it needs to be terminated immediately.
  Warning Alert: Indicates that there are some problems in the connection.
• Error Alerts
  unexpected_message: An inappropriate message was received. Fatal.
  bad_record_mac: This alert is returned if a record is received with an incorrect MAC. Fatal.
  decompression_failure: The decompression function received improper input. Fatal.
  handshake_failure: Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. Fatal.
  illegal_parameter: A field in the handshake was out of range or inconsistent with other fields. Fatal.
  no_certificate: A no_certificate alert message may be sent in response to a certification request if no appropriate certificate is available.
  bad_certificate: A certificate was corrupt or contained signatures that were not verifiable.
  unsupported_certificate: A certificate was of an unsupported type.
  certificate_revoked: A certificate was revoked by its signer.
  certificate_expired: A certificate has expired or is not currently valid.
  certificate_unknown: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.
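The P_hash expansion described in the first bullets above, as an added example that is not part of the original slides: it builds A(i) and the concatenated HMAC blocks with Python's standard hmac module and reports how many iterations ran and how many trailing bytes were discarded. The function name, secret and seed are constructed for illustration.

```python
import hmac


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha1"):
    """Expand (secret, seed) into `length` bytes using the P_hash construction.

    Returns (output, iterations, discarded_bytes) so the truncation step
    described in the slides is visible to the caller.
    """
    if length < 0:
        raise ValueError("length must be non-negative")
    a = seed                       # A(0) = seed
    stream = bytearray()
    iterations = 0
    while len(stream) < length:
        # A(i) = HMAC_hash(secret, A(i-1))
        a = hmac.new(secret, a, hash_name).digest()
        # Output block i = HMAC_hash(secret, A(i) || seed)
        stream += hmac.new(secret, a + seed, hash_name).digest()
        iterations += 1
    discarded = len(stream) - length   # surplus bytes of the final block
    return bytes(stream[:length]), iterations, discarded


# Constructed sample inputs (not real key material).
SECRET = b"constructed-secret"
SEED = b"constructed-seed"

if __name__ == "__main__":
    out, iters, dropped = p_hash(SECRET, SEED, 64)
    print(f"P_SHA-1: {len(out)} bytes, {iters} iterations, {dropped} discarded")
    print(out.hex())
```

Because the output is a truncated stream, a shorter request is always a prefix of a longer one for the same secret and seed, so distinct keys must come from distinct seeds or from disjoint slices of one expansion.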
VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 48

• When an error is de...