Re: Error SEC_E_ALGORITHM_MISMATCH from InitializeSecurityContext




"John Banes" <jabanes@xxxxxxxxxxxxxxxxxx> wrote in message
news:OjKTpGPZGHA.4760@xxxxxxxxxxxxxxxxxxxxxxx
This can happen when the client supports only TLS and the server only
supports SSL3. Because the cipher suite numbers used by SSL3 and TLS are
the same, the ClientHello message is slightly ambiguous in this case. You
should be able to see if my guess is right by looking at the version field
in the ServerHello message.


No, the server does support TLS1 (the version field in server Hello is
0x0301, i.e. TLS1.0)
Is it possible that the client certificate has some problems (don't ask me
which ones), but this problem is trapped by
InitializeSecurityContext (that uses it to generate the TLS record with the
client certificate) instead of AcquireCredentialsHandle (that basically
binds the client certificate with the Credential Handle)??

Have a nice day
GV





Regards,
John

"Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx> wrote in message
news:uFACDTMZGHA.3972@xxxxxxxxxxxxxxxxxxxxxxx
Hi all.

I'm working on an authentication protocol based on TLS1, as an example
I'm starting using the sample Samples\Security\SSPI\SSL in the Platform
SDK.

The problem I'm encountering is that InitializeSecurityContext returns
SEC_E_ALGORITHM_MISMATCH when it receives a TLS message from the
server containing these records
- Server Hello
- Certificate
- Certificate Request
- Server Hello Done

The Client Hello message announces that it supports
TLS_RSA_WITH_RC4_128_MD5 and TLS_RSA_RC4_128_SHA (null compression), and
the server (in the Server Hello record) agrees to use
TLS_RSA_WITH_RC4_128_MD5 (and null compression). This is what I see
sniffing the packets on the network.

What can cause this error?

Have a nice day
GV
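
The check discussed in this thread, reading the version field and the selected cipher suite out of a captured ServerHello, as an added example that is not part of the original posts or of the Platform SDK sample. The struct, the function names and the sample bytes are constructed for illustration; only the first handshake message of a single record is parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields read from a ServerHello (struct and names are this example's own). */
typedef struct {
    uint16_t hello_version;  /* server_version: 0x0300 SSL3, 0x0301 TLS 1.0 */
    uint16_t cipher_suite;   /* suite the server selected */
    uint8_t  compression;    /* compression method selected (0 = null) */
} server_hello_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if the bytes are truncated or not a ServerHello. */
int parse_server_hello(const uint8_t *buf, size_t len, server_hello_info *out) {
    if (len < 5 || buf[0] != 22) return -1;         /* 22 = handshake record */
    size_t rec_len = rd16(buf + 3);
    if (rec_len > len - 5) return -1;               /* capture is truncated */
    const uint8_t *p = buf + 5, *end = p + rec_len;
    if (end - p < 4 || p[0] != 2) return -1;        /* 2 = server_hello */
    size_t hs_len = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
    p += 4;
    if (hs_len > (size_t)(end - p)) return -1;
    end = p + hs_len;
    if (end - p < 2 + 32 + 1) return -1;            /* version, random, sid length */
    out->hello_version = rd16(p);
    p += 2 + 32;
    size_t sid_len = *p++;
    if (sid_len > 32 || (size_t)(end - p) < sid_len + 3) return -1;
    p += sid_len;
    out->cipher_suite = rd16(p);
    out->compression = p[2];
    return 0;
}

/* Constructed sample: TLS 1.0 ServerHello, zeroed random, empty session id. */
size_t build_sample(uint8_t buf[47]) {
    memset(buf, 0, 47);
    buf[0] = 22; buf[1] = 3; buf[2] = 1; buf[4] = 42;  /* record header */
    buf[5] = 2; buf[8] = 38; buf[9] = 3; buf[10] = 1;  /* handshake hdr, 0x0301 */
    buf[45] = 0x04;                                    /* TLS_RSA_WITH_RC4_128_MD5 */
    return 47;
}

int main(void) {
    uint8_t buf[47]; server_hello_info h;
    if (parse_server_hello(buf, build_sample(buf), &h) != 0) return 1;
    printf("version=0x%04x suite=0x%04x\n", h.hello_version, h.cipher_suite);
    return 0;
}
```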