On 01/05/14 12:26, Stephen Henson via RT wrote:
On Thu May 01 12:29:58 2014, meiss...@suse.de wrote:

SUSE has received a bugreport from a user, that the "padding"
change breaks IronPort SMTP appliances.
Ironically it was added as a workaround for another bug. The padding extension
was believed to have no side effects... obviously that isn't true :-(

If you use a smaller cipherstring it should also work without having to force

Steve, have you considered trimming the DEFAULT cipher list?

It's currently...

I wonder how many of these ciphers are actually ever negotiated in real-world use.

The padding extension is only used if the ClientHello would be between 256 and
511 bytes in length so if you reduce the number of ciphersuites it wont be

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to