hello, I'm currently working at school on a vulnerability in openssl version 0.9.6h. It's the Vaudenay's attack on timing reply ( http://lasecwww.epfl.ch/php_code/publications/search.php?ref=CHVV03 ).
The thing is, I have to send many packets to a server after the handshake, and these packets must contain PADDING errors and then MAC errors. With the different times I can see how long it takes for the server to detect a PADDING error and how long for a MAC error. The problem for me, is that when the server returns an error (whatever error it is), it shuts down the connexion, and I have to redo the handshake thing. So here's my question : How can I modify the source code of openssl so that the server don't close the connexion when it sends an error to the client ? What part of the code should I modify ? I hope you can help me with that... Thanks -- View this message in context: http://www.nabble.com/openssl-and-shutdown-t1744295.html#a4740790 Sent from the OpenSSL - Dev forum at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
