>> I'm writing an OpenSSL client program. It must interoperate with some
>> .NET code that uses the SslStream classes. The .NET code is
>> correct. If I create a .NET client it connects correctly. If I run
>> the .NET server on Windows 7 it works correctly (with .NET client
>> and with C plus OpenSSL client). If I run the .NET server code on
>> Windows XP only the .NET client code works correctly. The OpenSSL
>> code doesn't work. It returns
>>
>> 5760:error:1408F0C6:SSL routines:SSL3_GET_RECORD:packet length too long:.\ssl\s3_pkt.c:357
>>
>> I've read this request
>> http://comments.gmane.org/gmane.comp.encryption.openssl.user/28201
>> but the solution doesn't solve my problem (the suggestion is to use
>> the SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER option)
>>
>>
>> read from 0xa73e98 [0xa79648] (7 bytes => 7 (0x7))
>> 0000 - 16 03 01 86 f4 02 ......
>> 0007 - <SPACES/NULS>
>
> Translating the above. Handshake protocol, TLS 1.0 and length of 0x86f4
> whereas RFC2246 states a maximum of 2^14 == 0x4000. The big buffer
> workaround adds another 0x4000 but that still isn't enough.

Note that the above-referred post to openssl-users discusses an
insufficient buffer for the CertificateRequest message (when the server
is configured for client certificate authentication and collects *all*
suitable root certificates it can find in the computer's certificate
store). But here we are talking about the ServerHello message! The only
possibility for blow-up is extensions, which makes me really wonder what
kind of extension it is. Therefore I wonder if you, Massimiliano, can
collect a network traffic capture (e.g. with Wireshark) when it works.

> The server is fairly clearly violating the specs here. You could try
> upping the value of SSL3_RT_MAX_EXTRA and also using the big buffer flag
> to see if that helps.

While it might help collect traffic, I'd argue that it's the server that
absolutely needs to be fixed. Because if it's not, then you're likely to
run into connectivity issues with other applications.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
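
The record-header reading done by hand in this thread, as an added example that is not part of the original messages and is not OpenSSL's own code: it decodes the five header bytes from the quoted dump and compares the length with the two limits the thread mentions. The function, enum and macro names are hypothetical; the limit values are the ones quoted above (2^14 and the extra 0x4000 of the big buffer workaround).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Limits as quoted in the thread; the macro names are local to this example. */
#define MAX_PLAIN_LEN 0x4000u /* RFC 2246 maximum of 2^14 */
#define BIG_BUF_EXTRA 0x4000u /* extra room the big buffer workaround adds */

enum verdict { HDR_SHORT = -1, LEN_OK = 0, LEN_NEEDS_BIG_BUFFER = 1, LEN_TOO_LONG = 2 };

struct rec_hdr {
    uint8_t  type;   /* 0x16 = handshake */
    uint8_t  major;  /* 3.1 = TLS 1.0 */
    uint8_t  minor;
    uint16_t length; /* sent big-endian on the wire */
};

/* Decode the 5-byte record header and classify its length field. */
enum verdict check_record_header(const uint8_t *buf, size_t n, struct rec_hdr *out)
{
    if (buf == NULL || out == NULL || n < 5)
        return HDR_SHORT;
    out->type   = buf[0];
    out->major  = buf[1];
    out->minor  = buf[2];
    out->length = (uint16_t)((buf[3] << 8) | buf[4]);
    if (out->length <= MAX_PLAIN_LEN)
        return LEN_OK;
    if (out->length <= MAX_PLAIN_LEN + BIG_BUF_EXTRA)
        return LEN_NEEDS_BIG_BUFFER;
    return LEN_TOO_LONG;
}

int main(void)
{
    /* Header bytes taken from the dump quoted in the thread. */
    static const uint8_t dump[] = { 0x16, 0x03, 0x01, 0x86, 0xf4 };
    static const char *text[] = { "within 2^14", "fits only with the big buffer",
                                  "too long even with the big buffer" };
    struct rec_hdr h;
    enum verdict v = check_record_header(dump, sizeof dump, &h);

    if (v == HDR_SHORT)
        return 1;
    printf("type=0x%02x version=%u.%u length=0x%04x (%u): %s\n",
           (unsigned)h.type, (unsigned)h.major, (unsigned)h.minor,
           (unsigned)h.length, (unsigned)h.length, text[v]);
    return 0;
}
```

Run against the first five bytes of a capture, it shows whether a record that triggers "packet length too long" would fit under either limit before any buffer size is changed.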