
SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:../ssl/record/rec_layer_s3.c:1543:SSL alert number 51

Open mindentropy opened this issue 4 years ago • 1 comments

Hi,

I am a newbie in EST and I am trying out example/estclient and example/estserver.

My command for starting the server is: bin/estserver -v -c cert/cert_device1.pem -k cert/privkey_device1.pem -b

My command for starting the client is: bin/estclient -e -c cert/cert_device1.pem -y cert/cert_req_device1.pem -k cert/privkey_device1.pem -s 127.0.0.1 -p 8085 -o output_cert/ -v -u estuser -h estpwd

After I run I get SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:../ssl/record/rec_layer_s3.c:1543:SSL alert number 51 error.

My environment variables on the Server side:

EST_TRUSTED_CERTS=~/libestdir/cert/ca_cert_device1.pem
EST_CACERTS_RESP=~/libestdir/cert/ca_cert_device1.pem

My environment variables on the client side: EST_OPENSSL_CACERT=~/libestdir/cert/ca_cert_scu1.pem

Description of certificates:

  1. ca_cert_device1.pem is the self-signed CA certificate present in the server instance
  2. cert_device1.pem is the self-signed device certificate present in the device instance
  3. cert_req_device1.pem is the certificate request with the private key of cert_device1.pem present in the device instance
  4. privkey_device1.pem is the private key used to create cert_device1.pem and cert_req_device1.pem present in the device instance

What am I doing wrong to get this error? Are all the formats correct?

mindentropy, Jul 17 '20 09:07

This error is due to a cryptographic issue in the handshake.

I would suggest checking the ciphers used on the client and server in the handshake. A capture would show you that. It would probably show where the Alert is generated as well.

csosto-pk, Jul 20 '20 03:07
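
The reply above recommends a capture to see where the alert is generated. As an added example (not part of the original thread and not libest code), the Python below walks the TLS records one peer sent and reports which handshake messages preceded a plaintext alert; alert number 51 is `decrypt_error` in RFC 5246. It assumes a TLS 1.2 handshake with unfragmented handshake messages, and the sample bytes are constructed with dummy message bodies.

```python
import struct

# Constants from RFC 5246 (TLS 1.2); only the values this example needs.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             13: "certificate_request", 14: "server_hello_done",
             15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          48: "unknown_ca", 51: "decrypt_error"}

def walk_records(stream):
    """Yield (record type, detail) for each TLS record sent by one peer."""
    offset, encrypted = 0, False
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record at offset %d" % offset)
        offset += 5 + length
        name = CONTENT.get(ctype, "type_%d" % ctype)
        if encrypted:                      # sender already sent ChangeCipherSpec
            yield name, "encrypted"
        elif ctype == 22:                  # one record may carry several messages
            pos = 0
            while pos + 4 <= len(body):
                yield name, HANDSHAKE.get(body[pos], "msg_%d" % body[pos])
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
        elif ctype == 21 and length == 2:  # plaintext alert: level, description
            level = "fatal" if body[0] == 2 else "warning"
            yield name, "%s %s" % (level, ALERTS.get(body[1], "alert_%d" % body[1]))
        else:
            yield name, ""
        encrypted = encrypted or ctype == 20

def locate_alert(stream):
    """Return (handshake messages sent before the alert, alert text or None)."""
    sent = []
    for name, detail in walk_records(stream):
        if name == "alert":
            return sent, detail
        if name == "handshake":
            sent.append(detail)
    return sent, None

# Constructed sample (not taken from the issue): bytes one peer sent on the wire.
SAMPLE = bytes.fromhex(
    "160303000a" "0200000100" "0b00000100"   # ServerHello, Certificate (dummy bodies)
    "1603030008" "0d000000" "0e000000"       # CertificateRequest, ServerHelloDone
    "1503030002" "0233")                     # Alert: fatal (2), decrypt_error (51)
```

Run `locate_alert` on each direction of the capture separately: the direction that contains the alert record is the peer that generated it, and the messages listed before it show how far that peer had progressed.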