Encrypted Alert21- Error code 214

Ahamed Fayaz.

8/21/24, 1:06 PM

I am working on TLS 1.2 Cipher TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, After send the application data server throws an error message Encryption alert (21).

I have mentioned the parameter shard by the server given below.

Decryption key: ab98fbfabe869b008697b9f62b8f59ee7a3165db6a0fdc37e2bac41d73995889
nonce: f53672195e441268b2fedf5d       (hex)
adata: 00000000000000011503030002     (hex)
cipher text: 7a6d                     (hex)
tag: 30518e9ba5daee98827555c680c87499 (hex)
decrypted data: 0214                  (hex)

After the GCM decryption we got the data 0124. But the 0214 is not a valid SSL alert message.

Please give me the support for find what type of error found here.

0 + 7

gcm

Maarten Bodewes

8/21/24, 1:55 PM

How is this different from your previous question? Please rather update your question instead of creating a new one, or at least remove the former. You should definitely also take more time formatting your post.

dave_thompson_085

8/22/24, 12:57 AM

[02 14 is level=fatal description=bad_record_mac](https://www.rfc-editor.org/rfc/rfc5246#section-7.2) And note even where decryption is separate from MACverify, which it isn't with GCM, TLS1.2 and 1.3 use 20/0x14for _both_ MAC and decryption errors and no longer use 21/0x15 at all. And a _protocol_ like TLS isn't itself cryptography, so security.SX would be more suitable.

Ahamed Fayaz.

8/22/24, 9:12 AM

Thank you @dave_thompson_085 and Maarteen for your reply and I will rectify my mistakes on upcoming days.

Ahamed Fayaz.

8/22/24, 1:07 PM

This is my encrypted WS packet. 0000000000 000001 **<nonce>** fd041f5ecd2ab17dd4a90dca6f abbdd5980080f4de4d9213d47a7c670e 5fa771d920d04e46377d258812deca12 b76562609b46b0328f4af1d65df6c321 629266979a1c0c1cd974d10191689b7d 4350aa00eb2df03f6bb5af0064efa830 03e808f7a63f82da8cb87d25dab982e6 701f23d5820188583c74157711aad587 68930680418688514f9f4326c602fd77 88025c00fe79ab581f8a7352182433d4 bc120476cbff7563d6e358235e5ddfd0 2c1111344f7d64a678c9 **<enc msg>** f392af81a2604276013c8b2dc7925d01 **<tag>** Using this encrypted packet and It's MAC. I am able to get my original data.

Ahamed Fayaz.

8/22/24, 2:20 PM

@dave_thompson_085 what is security.SX?

dave_thompson_085

8/23/24, 9:23 AM

security.stackexchange.com (versus crypto.stackexchange.com). It's a pain to keep writing out stackexchange.com over and over so I abbreviate it.

Ahamed Fayaz.

8/24/24, 9:01 AM

@dave_thompson_085 Thank you.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Encrypted Alert21- Error code 214

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.