TLS-PSK returns bad_record_mac while OpenSSL working #602
Description
I create a new TLS-PSK client using the following code (credentials are changed). I Use BouncyCastle.Cryptography in v2.5.1
using Org.BouncyCastle.Tls;
using Org.BouncyCastle.Tls.Crypto.Impl.BC;
// ----
var pskTlsClient = new PskTlsClient(
new BcTlsCrypto(),
new BasicTlsPskIdentity(
"foobar",
Encoding.UTF8.GetBytes("foobar")));
var client = new TcpClient(configuration.Host, configuration.Port)
{
SendTimeout = timeout,
ReceiveTimeout = timeout,
SendBufferSize = bufferSize,
ReceiveBufferSize = bufferSize,
};
var proto = new TlsClientProtocol(client.GetStream());
proto.Connect(pskTlsClient);
return client.GetStream();It returns a bad_record_mac. The server (a Zabbix instance) logs
SSL routines::decryption failed or bad record mac: TLS write fatal alert "bad record mac
If i try to connect using OpenSSL 3.x, it works:
# openssl s_client -connect 127.0.0.1:10051 -psk_identity foobar -psk foobar -ciphersuites TLS_AES_128_GCM_SHA256 -debug
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 351 bytes and written 895 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
What am I doing wrong and where could i make some adjustments? I triple-checked the credentials. If I use a regular TLS connection (without PSK) it works (I can send/receive data).