search cancel

Some factors of Bad Mac Error in SSL session log on SSL Visibility Appliance

book

Article ID: 174246

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

SSL session log shows "Bad Mac Error" as following cases.

Retransmission packets is not same as original packet.

For example, original data were several packets but retransmit is one packet as following


[original packets]

105284  20xx-xx-xx xx:xx:33.457000        xx.xx.xx.xx        xxx.xxx.xxx.xx       TLSv1.2 325         7391       Application Data

Sequence number: 41136    (relative sequence number)

Next sequence number: 41407    (relative sequence number)


105292  20xx-xx-xx xx:xx:33.567000        xx.xx.xx.xxx       xxx.xxx.xxx.xx       TLSv1.2 163         7391       Application Data

Sequence number: 41407    (relative sequence number)

Next sequence number: 41516    (relative sequence number)


......

[retransmit packet]

105339  20xx-xx-xx xx:xx:34.143000        xx.xx.xx.xxx       xxx.xxx.xxx.xx       TCP        1414       7391       [TCP Retransmission] 8080 → 50278 [ACK] Seq=41136 Ack=25939 Win=65535 Len=1360

Sequence number: 41136    (relative sequence number)

Next sequence number: 42496    (relative sequence number)

Cause

Retransmission packets is not same as original packet.
This behavior is based on design specification on SSL Visibility Version 3.x

Environment

SSL Visibility Version 3.x

Resolution

Upgrade to SSL Visibility version 4.xx.
Please check SSL Visibility release note before upgrade to 4.x.x.
You can download release note and install image from MySymantec.