Some factors of Bad Mac Error in SSL session log on SSL Visibility Appliance

search cancel

Some factors of Bad Mac Error in SSL session log on SSL Visibility Appliance

book

Article ID: 174246

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

SSL session log shows "Bad Mac Error" as following cases.

Retransmission packets is not same as original packet.

For example, original data were several packets but retransmit is one packet as following

[original packets]

105284 20xx-xx-xx xx:xx:33.457000 xx.xx.xx.xx xxx.xxx.xxx.xx TLSv1.2 325 7391 Application Data

Sequence number: 41136 (relative sequence number)

Next sequence number: 41407 (relative sequence number)

105292 20xx-xx-xx xx:xx:33.567000 xx.xx.xx.xxx xxx.xxx.xxx.xx TLSv1.2 163 7391 Application Data

Sequence number: 41407 (relative sequence number)

Next sequence number: 41516 (relative sequence number)

......

[retransmit packet]

105339 20xx-xx-xx xx:xx:34.143000 xx.xx.xx.xxx xxx.xxx.xxx.xx TCP 1414 7391 [TCP Retransmission] 8080 → 50278 [ACK] Seq=41136 Ack=25939 Win=65535 Len=1360

Sequence number: 41136 (relative sequence number)

Next sequence number: 42496 (relative sequence number)

Cause

Retransmission packets is not same as original packet.
This behavior is based on design specification on SSL Visibility Version 3.x

Environment

SSL Visibility Version 3.x

Resolution

Upgrade to SSL Visibility version 4.xx.
Please check SSL Visibility release note before upgrade to 4.x.x.
You can download release note and install image from MySymantec.

Feedback

thumb_up Yes

thumb_down No