[openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2016-05-14 Thread Rich Salz via RT
Whew, *finally* we got around to putting this into master. Thanks! :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4063

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Alessandro Ghedini via RT
On Fri, Sep 25, 2015 at 02:02:36pm +, Hubert Kario via RT wrote: > On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote: > > On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote: > > > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite > > > branches

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Hubert Kario via RT
On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote: > On Fri, Sep 25, 2015 at 02:02:36pm +, Hubert Kario via RT wrote: > > On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote: > > > On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote: > > >

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Alessandro Ghedini via RT
On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote: > On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote: > > As a matter of test I changed the ssl_get_message() in > > ssl3_get_client_hello() to use 0xFF (uint24 max) as maximum size, > > it doesn't have in

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Matt Caswell
On 25/09/15 17:05, Alessandro Ghedini via RT wrote: > On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote: >> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote: >>> As a matter of test I changed the ssl_get_message() in >>> ssl3_get_client_hello() to use

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Matt Caswell via RT
On 25/09/15 17:05, Alessandro Ghedini via RT wrote: > On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote: >> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote: >>> As a matter of test I changed the ssl_get_message() in >>> ssl3_get_client_hello() to use

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Alessandro Ghedini via RT
On Fri, Sep 25, 2015 at 04:17:33PM +, Matt Caswell via RT wrote: > > > On 25/09/15 17:05, Alessandro Ghedini via RT wrote: > > On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote: > >> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote: > >>> As a matter of

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Hubert Kario
(since we're not talking about OpenSSL any more, I'm dropping the RT) On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote: > FWIW I checked a couple of TLS implementations I have around (GnuTLS > and s2n), and AFAICT they don't check for a maximum size at all. what do you mean

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Hubert Kario via RT
On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote: > On Fri, Sep 25, 2015 at 04:17:33PM +, Matt Caswell via RT wrote: > > On 25/09/15 17:05, Alessandro Ghedini via RT wrote: > > > On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote: > > >> On Friday 25

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Alessandro Ghedini via RT
On Fri, Sep 25, 2015 at 05:11:39pm +, Hubert Kario via RT wrote: > On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote: > > On Fri, Sep 25, 2015 at 04:17:33PM +, Matt Caswell via RT wrote: > > > On 25/09/15 17:05, Alessandro Ghedini via RT wrote: > > > > On Fri, Sep 25,

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Alessandro Ghedini
On Fri, Sep 25, 2015 at 07:06:31PM +0200, Hubert Kario wrote: > (since we're not talking about OpenSSL any more, I'm dropping the RT) > > On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote: > > FWIW I checked a couple of TLS implementations I have around (GnuTLS > > and s2n),

[openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Hubert Kario via RT
Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite branches reject Client Hello messages bigger than 2^14+4 bytes. RFC 5246 specifies maximum size of just the extensions field to be 2^16-1: struct { ProtocolVersion client_version; Random random;

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Alessandro Ghedini via RT
On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote: > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite branches > reject Client Hello messages bigger than 2^14+4 bytes. IIRC SSLv3 does place the limit at 2^14 or so bytes, so I think the problem is that OpenSSL only

Re: [openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Hubert Kario via RT
On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote: > On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote: > > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite > > branches reject Client Hello messages bigger than 2^14+4 bytes. > > IIRC SSLv3 does