Bodo Moeller wrote:
>
> On Tue, May 23, 2000 at 01:21:51PM +0100, Dr Stephen Henson wrote:
>
> >> Actually there's no security problem for servers to accept a
> >> PreMasterSecret that contains the negotiated protocol version instead
> >> of the client_version from the ClientHello if these don't match;
> >> so it's possible for servers to adopt to both correct and broken
> >> clients, in case there are already TLS 1.0-aware clients that send
> >> incorrect PreMasterSecret messages as expected by those broken SSLv3
> >> servers.
>
> > Yes I was thinking we should make OpenSSL tolerate this, either by
> > default or a bug option. The only way you'll see this though is by
> > connecting with a broken client on an OpenSSL server that disables TLS.
>
> Not as default (it's wrong after all), just as a bug option.
> But first I'd like to see any client that actually shows this behaviour
> -- note that for clients that don't come with TLS 1.0 support,
> all this is not an issue.
MSIE 5.0 does this, well at least version 5.00.2919.6307 You have to
change the default settings (at least on the version I have) to enable
TLS then try connecting to:
openssl s_server -no_tls1
It also seems that this bug was known some time ago. There is a bug
option called SSL_OP_TLS_ROLLBACK_BUG which is otherwise unreferenced in
the code. There was some code which was #if 0'ed out earlier which
seemed to cover this (but do other things as well) but its been deleted
from s3_srvr.c
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
