On Friday, 15 April 2016 13:22:52 CEST Hubert Kario via RT wrote: > Using either current 1.0.1 or 1.0.2 branch (7a433893a and 9676402c3a > respectively) openssl s_server command does not send Alert message upon > receiving a malformed or invalid Client Key Exchange message in DHE key > exchange. > > That applies to messages that are longer and shorter than needed as well > as messages that include client key shares bigger than the prime selected > by server.
the issue is still present in master 0ed26acce328ec16a3aa Reproducer: =========== (requires Python 2.6, 3.2 or later) git clone https://github.com/tomato42/tlsfuzzer.git pushd tlsfuzzer git clone https://github.com/warner/python-ecdsa .python-ecdsa ln -s .python-ecdsa/ecdsa ecdsa git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng pushd .tlslite-ng popd ln -s .tlslite-ng/tlslite tlslite popd openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt \ -nodes -batch -subj /CN=localhost openssl s_server -www -key localhost.key \ -cert localhost.crt # in another terminal, same directory PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-dhe-rsa-key-exchange-with-bad-messages.py -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4511 Please log in as guest with password guest if prompted
signature.asc
Description: PGP signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
