On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni wrote:
> > Length: 00 00 9c (156)
> > ...
> > 0x01,0x88 7 ???
> > ...
> > 0xC0,0x12 14 ECDHE-RSA-DES-CBC3-SHA Au=RSA
> > ...
> > 0x00,0x40 22 DHE-DSS-AES128-SHA256 Au=DSS
> > ...
>
> All the ciphersuites offered except one (DSS) are RSA.
It turned out that there were multiple "bit errors" in the hex dump,
perhaps as a result of a "noisy" console connection, or auto-correct of
cut/paste, or similar. None of the above were in fact what the client
sent.
- The length was 154 as expected.
- The 0188 was: 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- The c012 was: 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- The 0040 was: 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
So, no oddball hello fragmentation, no unregistered ciphers, no 3DES and
no DSS. Sometimes its the evidence that's wrong, not the underlying
behaviour.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
