> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
> Sent: Sunday, January 02, 2000 12:14 AM
> To: [EMAIL PROTECTED]
> Subject: Re: SGC support in OpenSSL
>
>
> Rene G. Eberhard wrote:
> >
> > > Dr Stephen Henson wrote:
> > > >
> > > > Adrian Peck wrote:
> > > > >
> > > > > The basic problem is that IE4 or 5 will issue a client
> hello message
> > > > > immediately after receiving the server hello and server
> > > certificate if it
> > > > > finds that this certificate was a Server Gated Crypto ( SGC )
> > > certificate.
> > > > > The 'point' of this is to change the cipher suites that are
> > > offered to the
> > > > > server without starting a new SSL session. My code peeks
> at the client
> > > > > message to check for a client hello and resets the SSL state to
> > > > > SSL_ST_ACCEPT if it spots one. The code is only visited if
> > > the SSL mode
> > > > > SSL_MODE_NCIPHER_SGC_HACK is set.
> >
> > Am I right in understanding that this is not according to RFC2246?
> > A proper implementation should abort the handshake with a fatal alert.
> >
>
> OpenSSL currently does abort the handshake with a fatal alert: thats why
> MS SGC wont work. However this isn't TLS RFC2246 its SSLv3 but its the
> same wording. The relevant portion of the spec is:
>
> > 7.4.1.2. Client hello
> >
> > When this message will be sent:
> > When a client first connects to a server it is required to send
> > the client hello as its first message. The client can also send a
> > client hello in response to a hello request or on its own
> > initiative in order to renegotiate the security parameters in an
> > existing connection.
>
> It depends on how the term "existing connection" is interpreted. If it
> means an established SSL session then yes sending client hello after a
> server certificate message is a violation of the protocol.
>
> Alternatively it be interpreted to mean that the client can send a
> client hello at any time: including during the initial handshake. If
> this is the case then it is acceptable.
I don't think that it is acceptable because of:
<draft-freier-ssl-version3-02.txt>
5.6 Handshake protocol:
The handshake protocol messages are presented in the order they
must be sent; sending handshake messages in an unexpected order
results in a fatal error.
A ClientHello after a Certificate message is not the right order.
The HelloRequest indeed is a special case.
> Not only inappropriate but not possible. We have no control over what
> MSIE sends and MS isn't likely to change it just to be friendly
> particularly if their servers and clients seem to have better
> performance as a result.
>
> What I was wondering was if MS servers can actually determine from some
> info in the handshake that it is an export version of MSIE and it will
> send the second client hello and thus expect it.
Good question. Perhaps a special sequence in the ClientHello.random ;-).
Regards Rene
--
-----------------------------------------------------------
Rene G. Eberhard
Mail : [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
