Nelson,
Nelson B wrote:
If the client sends an SSL3/TLS style hello to the server, and the server is an SSL2 (only) server, the server will misinterpret this SSL3/TLS style hello as a very large SSL2 style record, and will wait a long time (maybe as little as 30 seconds, or maybe much longer) for the rest of the message to come in. This appears to a browser user as a "hung" connection, and tends to anger browser users ("damn browser!"), even though it is no fault of the browser's.
To avoid that, browser products continue to this day to send out ssl2-style client hello messages, which make SSL2 servers happy, and which SSL3/TLS servers interpret as SSL3/TLS hellos. But there is no way to put the new "server name indication" into an SSL2-style client hello.
When all the big-value SSL servers finally all upgrade to newer server software than understands more than just SSL2, I think you'll see this new "server name indication" come into play.
Seems to me it's still possible to work around this problem in the following way, but it requires changes in the clients logic, not just NSS :
- NSS would first send a client hello with v2, as it does today
- client would query the server's SSL version, and if not v2, client would abort the connection, and try again with an SSL v3 HELO containing the server name indication extension
While this is quite ugly and wasteful of bandwidth, it is better than a 30s timeout.
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
