Version Selection Bug

Andreas Sterbenz Tue, 27 Jul 1999 06:25:49 -0700
Hi,

I believe I have found a small bug in the SSLv3/TLS selection code. I
used OpenSSL 0.9.3a but I assume other versions will be affected as well.

The problem occurs with OpenSSL as server and a SSLv3/TLS compatible
client which wants to open an SSL 3.0/ TLS 1.0 session. Per TLS spec
(RFC2246, Appendix E, page 66) the thing for the client to do is:

...TLS clients who wish to negotiate with SSL 3.0 servers should send
client hello messages using the SSL 3.0 record format and client hello
structure, sending {3, 1} for the version field to note that they support
TLS 1.0. If the server supports only SSL 3.0, it will respond with an SSL
3.0 server hello; if it supports TLS, with a TLS server hello. The
negotiation then proceeds as appropriate for the negotiated protocol.

When I do that OpenSSL answers with a version 3.0 in both the record
version field and the server hello, see the output below. The rest is of
course SSL 3.0. It appears that OpenSSL requires the record version
number to be 3.1, otherwise it won't go into TLS mode.

I believe this problem has not been discovered so far because it does not
occur with a v2 client hello message. Also, both OpenSSL and MS IE5 send
a 3.1 record for their SSLv3/TLS client hello when v2 is disabled.

I would like to hear your view on that.

 Andreas Sterbenz              mailto:[EMAIL PROTECTED]

>./openssl s_server -www -state -debug
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
read from 081092C0 [0810EC60] (7 bytes => 7 (0x7))
0000 - 16 03 00 00 37 01                                 ....7.
0007 - <SPACES/NULS>
read from 081092C0 [0810EC67] (53 bytes => 53 (0x35))
0000 - 00 33 03 01 37 9d ba a1-cf 3c 83 52 1e ef e7 d0   .3..7....<.R....
0010 - 0d c9 3c 7a 75 0e 60 15-9c 2f 8e c2 06 0e 68 41   ..<zu.`../....hA
0020 - a0 e0 36 bd 00 00 0c 00-0a 00 07 00 04 00 09 00   ..6.............
0030 - 06 00 03 01                                       ....
0035 - <SPACES/NULS>
SSL_accept:SSLv3 read client hello A
write to 081092C0 [081180F8] (79 bytes => 79 (0x4F))
0000 - 16 03 00 00 4a 02 00 00-46 03 00 37 9d ad 37 0d   ....J...F..7..7.
0010 - 62 ae 45 81 9d 21 f7 ff-91 09 45 3e ea 1d a5 1f   b.E..!....E>....
0020 - 6b 2a 83 19 2a ab 66 58-88 56 be 20 ba 1b fd a5   k*..*.fX.V. ....
0030 - ff 08 2c 1c f6 a7 da e9-6f 46 4c 05 65 c7 bf 9a   ..,.....oFL.e...
0040 - 2e 6e d2 7a 67 fc 09 ae-4b 2c 1e b7 00 0a         .n.zg...K,....
004f - <SPACES/NULS>
SSL_accept:SSLv3 write server hello A
write to 081092C0 [081180F8] (508 bytes => 508 (0x1FC))
0000 - 16 03 00 01 f7 0b 00 01-f3 00 01 f0 00 01 ed 30   ...............0
smime.p7s
Version Selection Bug

Reply via email to
