from RT#2777 On Monday 27 June 2016 20:43:07 Rich Salz via RT wrote: > please open a new ticket if this is still an issue with current (at least > 1.0.2, ideally master) sources.
Current 1.0.2 still doesn't handle ClientHello.client_version set to 0x00,0x00 correctly in a 0x03, 0x00 record layer, the connection is just closed without sending an Alert message. current master handles all correctly all test performed: 3, 3 version in 3, 0 record - passed 3, 3 version in 3, 254 record - passed 254, 254 version in 3, 254 record - passed 254, 254 version in 3, 0 record - passed 0, 0 version in 3, 0 record - fail (if you think any other values should be checked, feel free to contact me) reproducer script: https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-version-numbers.py to reproduce: openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch openssl s_server -key localhost.key -cert localhost.crt -www 2>server.err >server.out & openssl_pid=$! git clone https://github.com/tomato42/tlsfuzzer pushd tlsfuzzer git clone https://github.com/tomato42/tlslite-ng .tlslite-ng ln -s .tlslite-ng/tlslite tlslite git clone https://github.com/warner/python-ecdsa .python-ecdsa ln -s .python-ecdsa/ecdsa ecdsa PYTHONPATH=. python scripts/test-version-numbers.py popd kill $openssl_pid -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4596 Please log in as guest with password guest if prompted
signature.asc
Description: PGP signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
