Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Ylian_S_Intel
Employee
54 Views

IMRSDK.dll with TLS seems broken in SDK 6.0

I was playing around with Intel AMT with TLS enabled (Enterprise mode) tonight and had no problem connecting using an older IMRSDK.dll (Version 1.1.2 works great). But with the latest IMRSDK.dll included in the ATM 6.0 SDK (Version 1.1.3) any connection using TLS fails with AMT 2.5, AMT 4.0, AMT 5.0 (yes, I tried all 3).

I used Wireshark to look at the traffic and Intel AMT rejects the initial TLS "Client Hello" packet with a "Internal Alert" error and shutsdown the connection. Bellow at the two dumps. On the working trace, Intel AMT will select Cipher Suite (0x002F), but on the broken trace 3 new cipher suites are present, but also an empty "SessionTicket" at the bottom of the client hello. It's a likely guess that this empty SessionTicket is causing Intel AMT to fail. I tried both 32bit and 64bit version of IMRSDK.dll v1.1.3 and both have the same problem.


THIS IS THE BAD TRACE, NOTE THE SESSION TICKET AT THE BOTTOM

26649-Dump1.png




THIS IS THE CLIENT HELLO OF A GOOD TRACE (IMRSDK.dll v1.1.2)



26650-Dump2.png

Also attached at the original .pcap files. These are taken between Commander and a Santa Rose AMT 2.5 laptop. The only different is the IMRSDK.dll version is swapped. Please fix!

Thanks,
Ylian
0 Kudos
2 Replies
Lance_A_Intel
Employee
54 Views

Thanks for the info, Ylian.
Let me look into this and I will get back to you.
Lance_A_Intel
Employee
54 Views

This appears to be a bug that is currently being fixed by the development team.
Reply