I was playing around with Intel AMT with TLS enabled (Enterprise mode) tonight and had no problem connecting using an older IMRSDK.dll (Version 1.1.2 works great). But with the latest IMRSDK.dll included in the ATM 6.0 SDK (Version 1.1.3) any connection using TLS fails with AMT 2.5, AMT 4.0, AMT 5.0 (yes, I tried all 3).

I used Wireshark to look at the traffic and Intel AMT rejects the initial TLS "Client Hello" packet with a "Internal Alert" error and shutsdown the connection. Bellow at the two dumps. On the working trace, Intel AMT will select Cipher Suite (0x002F), but on the broken trace 3 new cipher suites are present, but also an empty "SessionTicket" at the bottom of the client hello. It's a likely guess that this empty SessionTicket is causing Intel AMT to fail. I tried both 32bit and 64bit version of IMRSDK.dll v1.1.3 and both have the same problem.


THIS IS THE BAD TRACE, NOTE THE SESSION TICKET AT THE BOTTOM






THIS IS THE CLIENT HELLO OF A GOOD TRACE (IMRSDK.dll v1.1.2)




Also attached at the original .pcap files. These are taken between Commander and a Santa Rose AMT 2.5 laptop. The only different is the IMRSDK.dll version is swapped. Please fix!

Thanks,
Ylian