On Thu, Jun 12, 2014 at 06:00:05PM +0200, Kurt Roeckx wrote: > On Thu, Jun 12, 2014 at 02:06:53PM +0200, Florian Weimer wrote: > > On 06/12/2014 01:28 PM, Salz, Rich wrote: > > >>Since the patch for CVE-2014-0224 I've so far received 2 reports about > > >>people getting the error: "ccs received early". > > > > > >So they kiddies can read. We thought so, but good to have confirmation. > > >Thanks! > > > > What do you mean? As far as I can tell, this is about an interoperability > > issue. > > Yes. As far as I can see all reports are about 0.9.8o sending > large amounts of data to 1.0.1e.
So I can reproduce it. But I can only seem to be reproducing it when using postgres having a 1.0.1 talk to a 0.9.8. For me it happens at exactly the same place in the dump file each time, after 480 MB has been transfered. Other are reporting it after a different amount. According to wireshark a CCS is send at that time, together with some "Encrypted Handshake Message"s. I'm not sure how to debug this. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
