Whew, *finally* we got around to putting this into master. Thanks! :)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4063
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Fri, Sep 25, 2015 at 02:02:36pm +, Hubert Kario via RT wrote:
> On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote:
> > On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote:
> > > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite
> > > branches
On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 02:02:36pm +, Hubert Kario via RT wrote:
> > On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT
wrote:
> > > On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT
wrote:
> > >
On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote:
> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote:
> > As a matter of test I changed the ssl_get_message() in
> > ssl3_get_client_hello() to use 0xFF (uint24 max) as maximum size,
>
> it doesn't have in
On 25/09/15 17:05, Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote:
>> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote:
>>> As a matter of test I changed the ssl_get_message() in
>>> ssl3_get_client_hello() to use
On 25/09/15 17:05, Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote:
>> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote:
>>> As a matter of test I changed the ssl_get_message() in
>>> ssl3_get_client_hello() to use
On Fri, Sep 25, 2015 at 04:17:33PM +, Matt Caswell via RT wrote:
>
>
> On 25/09/15 17:05, Alessandro Ghedini via RT wrote:
> > On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote:
> >> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote:
> >>> As a matter of
(since we're not talking about OpenSSL any more, I'm dropping the RT)
On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> FWIW I checked a couple of TLS implementations I have around (GnuTLS
> and s2n), and AFAICT they don't check for a maximum size at all.
what do you mean
On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 04:17:33PM +, Matt Caswell via RT wrote:
> > On 25/09/15 17:05, Alessandro Ghedini via RT wrote:
> > > On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT
wrote:
> > >> On Friday 25
On Fri, Sep 25, 2015 at 05:11:39pm +, Hubert Kario via RT wrote:
> On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> > On Fri, Sep 25, 2015 at 04:17:33PM +, Matt Caswell via RT wrote:
> > > On 25/09/15 17:05, Alessandro Ghedini via RT wrote:
> > > > On Fri, Sep 25,
On Fri, Sep 25, 2015 at 07:06:31PM +0200, Hubert Kario wrote:
> (since we're not talking about OpenSSL any more, I'm dropping the RT)
>
> On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> > FWIW I checked a couple of TLS implementations I have around (GnuTLS
> > and s2n),
Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite branches
reject Client Hello messages bigger than 2^14+4 bytes.
RFC 5246 specifies maximum size of just the extensions field to be
2^16-1:
struct {
ProtocolVersion client_version;
Random random;
On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote:
> Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite branches
> reject Client Hello messages bigger than 2^14+4 bytes.
IIRC SSLv3 does place the limit at 2^14 or so bytes, so I think the problem is
that OpenSSL only
On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 01:20:12pm +, Hubert Kario via RT wrote:
> > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite
> > branches reject Client Hello messages bigger than 2^14+4 bytes.
>
> IIRC SSLv3 does
14 matches
Mail list logo