On 01/05/14 12:26, Stephen Henson via RT wrote:
On Thu May 01 12:29:58 2014, meiss...@suse.de wrote:
Hi,

SUSE has received a bugreport from a user, that the "padding"
extension
change breaks IronPort SMTP appliances.
<snip>
Ironically it was added as a workaround for another bug. The padding extension
was believed to have no side effects... obviously that isn't true :-(

If you use a smaller cipherstring it should also work without having to force
SSLv3.

Steve, have you considered trimming the DEFAULT cipher list?

It's currently...
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"

I wonder how many of these ciphers are actually ever negotiated in real-world use.

The padding extension is only used if the ClientHello would be between 256 and
511 bytes in length so if you reduce the number of ciphersuites it wont be
used.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to