>
> When OpenSSL inserts an empty fragment, it fragments a single message
> into multiple parts, the first of which happens to be empty. I
> concede that this might appear pointless as long as one doesn't know
> about the CBC security issues, but nothing in the specification speaks
> against it.
On Wed, Jul 03, 2002 at 12:07:01PM -0400, Jeffrey Altman wrote:
>> Can they cite a particular provision in the specification that forbids
>> records with a fragment length of zero? I haven't found one, and
>> length-zero fragments are handled well by many implementations
>> (including Microsoft
> I have found nothing in the SSL 3.0 and TLS 1.0 specifications that
> forbids fragments of length zero. The length is given as a 'uint16'
> value; the specification defines upper limits, but no lower limits.
>
> draft-freier-ssl-version3-02.txt (SSL 3.0):
>
On Wed, Jul 03, 2002 at 09:54:15AM -0400, Jeffrey Altman wrote:
> Is there a summary somewhere of the changes that were made to the
> SSLv3 and TLSv1 message exchanges to avoid the vulnerability in the
> CBC cipher suites?
I'm not aware of a proper summary of all the issues involved.
> In parti
Is there a summary somewhere of the changes that were made to the
SSLv3 and TLSv1 message exchanges to avoid the vulnerability in the
CBC cipher suites?
In particular, I need to know:
. the description of the vulnerability
. a description of the workaround
. a summary of why the workaround