Re: SSLv23 always makes a V2ClientHello, no matter what...

Wed, 08 Oct 2003 04:25:38 -0700 

On Wed, Oct 08, 2003, Richard Levitte - VMS Whacker wrote:

> In message <[EMAIL PROTECTED]> on Tue, 7 Oct 2003 19:16:59 +0200, "Dr. Stephen 
> Henson" <[EMAIL PROTECTED]> said:
> 
> steve> On Tue, Oct 07, 2003, Richard Levitte - VMS Whacker wrote:
> steve> 
> steve> > As has been seen in my last few commits, I got a bit obsessed with
> steve> > compression.  The way it works now, at least in 0.9.8-dev, is
> steve> > compliant with draft-ietf-tls-compression-05.txt, as far as I can
> steve> > tell.
> steve> 
> steve> Interesting. Is it still stateless or does it retain the
> steve> compression state for improved performance?
> 
> It's stateful, as required by that draft.
> 

I'll have to look at that. I've got some non-blocking zlib BIO code which is
probably best reimplemented using the compression method stuff: assuming its
flexible enough.

> steve> > The only thing that remains is something that itches me quite a bit.
> steve> > As soon as SSLv23 is used, we can kiss compression goodbye, even if
> steve> > SSLv2 has been disabled.
> steve> > 
> steve> 
> steve> Maybe one for the TLS mailing list? I can think of ways to do
> steve> this such as dummy ciphersuites etc but it would need to be
> steve> standardised.
> 
> I think that part is already answered by the following, taken from
> appendix E in RFC 2246:
> 

Ah, I'm itcing on a different thing then :-)

I was thinking that there should be a way to represent supported compression
methods in the v2 client hello. For example RFC2246 appendix E again has a
general way of representing a V3 ciphersuite as a V2 one:

V2CipherSpec (see TLS name) = { 0x00, CipherSuite };

something like:

V2CipherSpec (see TLS name) = { 0xXX, 0xXX, CompressionMethod };

I suspect the reason this hasn't been done is that hardly anyone has
implemented compression so far.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to