Mbed TLS is now part of TrustedFirmware.org.

Fatal alert BAD_RECORD_MAC


Oct 12, 2017 22:16
jay

Hi,

I'm trying to implement a TLS client on an embedded system. I've had success with both GET and POST requests in the past but I'm now consistently receiving fatal 'BAD_RECORD_MAC' alerts from the server during a POST attempt. GET requests to the same endpoint work.

After the handshake and certificate verification, the post request is sent to the server. The server then responds with the alert:

  > Write to server: 903 bytes written
  < Read from server:

[L1] is a fatal alert message (msg 20)
[L1] ssl_read_record() returned -30592 (-0x7780)
failed
  ! ssl_read returned -30592

I've tried a variety of protocols and cipher suites with the same fatal alert:

[ Protocol is TLSv1.0 ]
    [ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA ]
    [ Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA ]

[ Protocol is TLSv1.1 ]
    [ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA ]
    [ Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA ]

[ Protocol is TLSv1.2 ]
    [ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ]
    [ Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256 ]

I have little visibility into the interaction on the server side.

From my limited understanding it sounds like there is a problem with the encryption on the client. However, it doesn't make sense to me why the GET would work while the POST would not. I'm not sure how to further diagnose or debug this issue.

Any advice on things to try would be greatly appreciated!

Thanks!

Polarssl-1.3.9 // MCU: STM32F407 // OS: FreeRTOS

 
Oct 15, 2017 14:40
Ron Eldor

Hi Jay,
As you probably know, POST and GET are part of the HTTP protocol, and not part of the TLS protocol, so there shouldn't be a difference in the TLS layer between between the two requests.
As you mentioned, the alert you are receiving is because the generated MAC is not as expected. (The MAC is given as part of the message). You can find more information in this post
This error usually happens when the derived key on both peers is different. It could also be different IV, but more likely the derived key is different. However, since GET request is correct,I assume that your handshake and derived keys are correct and same. My guess is that your POST request contains a very large message, causing the MAC to be cut and and thus inaccurate. Please try sending a POST request with smaller messages, and see if this helps.
Regards,
Mbed TLS Team member
Ron