>>> So I'm getting more and more reports of sites that have a problem
>>> since 1.0.1. They basically fall in 2 categories:
>>> - They don't tolerate versions higher than TLS 1.0
>>> - They don't like big packets.
>>>
>>> Of the 2nd case I have at least found people complaining about those
>>> sites:
>>> - www.facebook.com
>>> - www.paypal.com
>>> - sourceforge.net
>> It seems to be a combination. For example www.paypal.com actually can
>> negotiate TLS 1.2, but doesn't tolerate a long TLS 1.2 ClientHello. Most
>> notably 'openssl s_client -connect www.paypal.com:443 -cipher
>> DEFAULT:\!AES' results in a 0xF8-byte TLS 1.2 ClientHello and it manages
>> to connect and negotiate 1.2! But test with -cipher ALL. This for some
>> reason results in an SSL *2.0* ClientHello which is 0x1B5[!] bytes long,
>> but it does announce TLS 1.2 capability and the final negotiated version is
>> ... TLS 1.2! Once again, SSL 2.0 [and TLS 1.0] ClientHello *may* be >=
>> 256 bytes, but not TLS 1.[12] ClientHello. But it doesn't seem to mean
>> that the server doesn't support 1.2...
>
> Yes, paypal seems to support TLS 1.2 (but not 1.1), which is why
> I've put them in the second category.
>
> So you're saying you send a different ClientHello depending on the
> size? If it's > 0xFF you send an SSL 2.0 ClientHello, but
> announce 1.2 while otherwise you send a TLS 1.2 ClientHello?
I merely report empirical findings. I wouldn't say "I'm sending a different
ClientHello depending on the size", as I'm not modifying any code [at the
moment]. An SSL 2.0 ClientHello is sent if you specify -cipher ALL, for
*some* reason. It's empirically found that SSL 2.0 and TLS 1.0 ClientHellos
larger than 256 bytes *are* accepted, while TLS 1.1 and 1.2 ones have to be
shorter to be accepted. As SSL 2.0 leaves room for higher version
negotiation you can send a 2.0 hello larger than 256 bytes and negotiate
TLS 1.2. So it's not like paypal doesn't like big packets, it doesn't like
TLS 1.1 and 1.2 big packets.

> It doesn't make sense to me, and that doesn't seem to happen here.

Bugs never make sense. But what do you mean by "doesn't seem to happen
here"? Can you connect with 'openssl s_client -connect www.paypal.com:443
-cipher DEFAULT:\!AES' and 'openssl s_client -connect www.paypal.com:443
-cipher ALL'? If not, can you send 'nslookup www.paypal.com' and the
outputs with -msg?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
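As an added example (my own code, not from the thread or from OpenSSL): a small Python classifier that tells an SSLv2-format ClientHello from a TLS-format one, reads the version it announces and its on-the-wire size, and flags the combination this thread reports as rejected (a TLS 1.1/1.2 ClientHello of 256 bytes or more). The 256-byte threshold is the thread's empirical figure, counted here as total bytes including the record header (an assumption), and the two builders produce constructed hellos with placeholder cipher-suite ids, not what OpenSSL actually sends.

```python
"""Classify a raw ClientHello as SSLv2-format or TLS-format, read the version it
announces, and flag the size/version pattern some servers reject."""
import struct

VERSION_NAMES = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
                 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SIZE_LIMIT = 256  # empirical threshold from the thread (assumed: total bytes on the wire)

def classify_client_hello(data: bytes) -> dict:
    """Return format, announced client version, size and the intolerance flag."""
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # TLS record: type(1) version(2) length(2); handshake: type(1) length(3) client_version(2) ...
        record_len = struct.unpack(">H", data[3:5])[0]
        client_version = struct.unpack(">H", data[9:11])[0]
        fmt, total = "TLS", 5 + record_len
    elif len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 record: 2-byte header with high bit set (15-bit length); msg_type(1) version(2) ...
        record_len = ((data[0] & 0x7F) << 8) | data[1]
        client_version = struct.unpack(">H", data[3:5])[0]
        fmt, total = "SSLv2", 2 + record_len
    else:
        raise ValueError("not a recognised ClientHello")
    # The thread's finding: only TLS-format hellos announcing >= 1.1 trip the size limit;
    # an SSLv2-format hello may be large and still announce (and negotiate) TLS 1.2.
    risky = fmt == "TLS" and client_version >= 0x0302 and total >= SIZE_LIMIT
    return {"format": fmt, "version": VERSION_NAMES.get(client_version, hex(client_version)),
            "bytes": total, "size_intolerance_risk": risky}

def build_tls_client_hello(version: int, n_suites: int) -> bytes:
    """Constructed TLS-format ClientHello without extensions; suite ids are placeholders."""
    suites = b"".join(struct.pack(">H", 0x1000 + i) for i in range(n_suites))
    body = struct.pack(">H", version) + bytes(32) + b"\x00"          # version, random, no session id
    body += struct.pack(">H", len(suites)) + suites + b"\x01\x00"   # suites, null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake  # record version 3.1

def build_sslv2_client_hello(version: int, n_specs: int) -> bytes:
    """Constructed SSLv2-format ClientHello; the version field may announce TLS 1.2."""
    specs = b"".join(b"\x00" + struct.pack(">H", 0x1000 + i) for i in range(n_specs))  # 3-byte specs
    challenge = bytes(16)
    body = b"\x01" + struct.pack(">HHHH", version, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

if __name__ == "__main__":
    for hello in (build_tls_client_hello(0x0303, 100), build_tls_client_hello(0x0303, 110),
                  build_tls_client_hello(0x0301, 110), build_sslv2_client_hello(0x0303, 140)):
        print(classify_client_hello(hello))
```

Feeding it the first record captured from 'openssl s_client -msg' (or a pcap) shows directly which of the two hello formats a client emitted and whether it falls into the pattern the thread describes.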
