> [steve - Sat Feb 11 19:58:27 2012]: > > > [appro - Sat Feb 11 14:24:23 2012]: > > > > Note that above referred post to openssl-users discusses insufficient > > buffer for CertificateRequest message (when server is configured for > > client certificate authentication and collects *all* suitable root > > certificates it can find in computer's certificate store). But here we > > are talking about ServerHello message! The only possibility for blow-up > > is extensions, which makes me really wonder what kind of extension is > > it? Therefore I wonder if you, Massimiliano, can collect network traffic > > capture (e.g. with Wireshark) when it works. > > > > Perhaps someone is using an MPEG-of-cat extension but for ServerHello now? > > The output of -tlsextdebug option to s_client would be useful when it > works too. >
Though thinking about this the violation is at the record layer and it is using an illegal value for the fragment length. The actual contents of the record could be multiple handshake messages, not just server hello. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
