Dr Stephen Henson wrote:
>
> Rene G. Eberhard wrote:
> >
> > > Dr Stephen Henson wrote:
> > > >
> > > > Adrian Peck wrote:
> > > > >
> > > > > The basic problem is that IE4 or 5 will issue a client hello message
> > > > > immediately after receiving the server hello and server
> > > certificate if it
> > > > > finds that this certificate was a Server Gated Crypto ( SGC )
> > > certificate.
> > > > > The 'point' of this is to change the cipher suites that are
> > > offered to the
> > > > > server without starting a new SSL session. My code peeks at the client
> > > > > message to check for a client hello and resets the SSL state to
> > > > > SSL_ST_ACCEPT if it spots one. The code is only visited if
> > > the SSL mode
> > > > > SSL_MODE_NCIPHER_SGC_HACK is set.
> >
> > Am I right in understanding that this is not according to RFC2246?
> > A proper implementation should abort the handshake with a fatal alert.
> >
>
> OpenSSL currently does abort the handshake with a fatal alert: thats why
> MS SGC wont work. However this isn't TLS RFC2246 its SSLv3 but its the
> same wording. The relevant portion of the spec is:
>
> > 7.4.1.2. Client hello
> >
> > When this message will be sent:
> > When a client first connects to a server it is required to send
> > the client hello as its first message. The client can also send a
> > client hello in response to a hello request or on its own
> > initiative in order to renegotiate the security parameters in an
> > existing connection.
>
> It depends on how the term "existing connection" is interpreted. If it
> means an established SSL session then yes sending client hello after a
> server certificate message is a violation of the protocol.
>
> Alternatively it be interpreted to mean that the client can send a
> client hello at any time: including during the initial handshake. If
> this is the case then it is acceptable.
Nope: quoting from TLS (OK, it may be that SSLv3 is different, I haven't
checked):
The handshake protocol messages are presented below in the order they
must be sent; sending handshake messages in an unexpected order
results in a fatal error.
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
