On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 01:20:12pm +0000, Hubert Kario via RT wrote:
> > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite
> > branches reject Client Hello messages bigger than 2^14+4 bytes.
>
> IIRC SSLv3 does place the limit at 2^14 or so bytes, so I think the
> problem is that OpenSSL only checks for that.

Yes, it does place a limit of 2^14, but only on _records_, not on the handshake messages that travel in those records.

> I think a proper fix would be to have all the ssl_get_message() calls
> changed to use the proper "max" parameter depending on the protocol
> version.

As far as I can tell, SSLv3, TLS1.0, TLS1.1 and TLS1.2 are exactly the same in that they don't specify any upper size limit for the Handshake protocol messages, or Client Hello specifically, other than the limits enforced by the length fields themselves.

Remember, the records are completely independent of the messages that travel through them; the record layer is just there to multiplex the different protocols that are required for TLS to work (handshake, CCS, application data, etc.)

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
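The record/message distinction made in the message above, as an added example that is not part of the original thread and not OpenSSL code: one handshake message larger than 2^14 bytes is split across records that each respect the 2^14 limit, then reassembled using the 24-bit handshake length. The function names, the `max_message` parameter and the filler ClientHello body are assumptions made for illustration.

```python
import struct

RECORD_MAX = 2 ** 14      # limit on the payload of a single record
HANDSHAKE = 22            # record content type for the handshake protocol
CLIENT_HELLO = 1          # handshake message type


def handshake_message(msg_type, body):
    """Handshake header is 1-byte type + 24-bit length, then the body."""
    if len(body) >= 2 ** 24:
        raise ValueError("body does not fit the 24-bit length field")
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def to_records(message):
    """Carry one handshake message in as many records as it needs."""
    records = []
    for off in range(0, len(message), RECORD_MAX):
        frag = message[off:off + RECORD_MAX]
        # 5-byte record header: type, version (3,3 = TLS 1.2), length
        records.append(struct.pack("!BBBH", HANDSHAKE, 3, 3, len(frag)) + frag)
    return records


def reassemble(stream, max_message=2 ** 24 + 3):
    """Enforce RECORD_MAX per record and max_message per whole message."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype != HANDSHAKE:
            raise ValueError("unexpected content type")
        if length > RECORD_MAX:
            raise ValueError("record too long")
        buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(buf) >= 4:
            total = 4 + int.from_bytes(buf[1:4], "big")
            if total > max_message:
                raise ValueError("handshake message too long")
            if len(buf) >= total:
                return buf[0], buf[4:total]
    raise ValueError("incomplete handshake message")


if __name__ == "__main__":
    body = b"\x00" * 20000                     # constructed filler, not a real hello
    wire = b"".join(to_records(handshake_message(CLIENT_HELLO, body)))
    print(reassemble(wire)[0], len(reassemble(wire)[1]))
```

Passing `max_message=2**14 + 4` to `reassemble` reproduces the rejection described in the thread, even though no individual record exceeds the record limit.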