On Fri, Oct 09, 2015 at 05:02:47pm +, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 07:57:21pm +, Alessandro Ghedini via RT wrote:
> > FYI, I just pushed another patch that does the above (moving the check and
> > sending an alert) which I think is the best option (although, as
On Thu, Oct 08, 2015 at 07:57:21pm +, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 06:26:27pm +, Alessandro Ghedini via RT wrote:
> > On Thu, Oct 08, 2015 at 06:14:00pm +, Alessandro Ghedini via RT wrote:
> > > On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini v
On Thu, Oct 08, 2015 at 06:26:27pm +, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 06:14:00pm +, Alessandro Ghedini via RT wrote:
> > On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini via RT wrote:
> > > On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT
On Thursday 08 October 2015 17:37:12 Viktor Dukhovni wrote:
> On Thu, Oct 08, 2015 at 04:12:50PM +, Hubert Kario via RT wrote:
> > The server does not abort connection upon receiving a Client Hello
> > message with malformed session_id field.
> >
> > Affects 1.0.1, 1.0.2 and master.
> >
> > I
On Thu, Oct 08, 2015 at 06:14:00pm +, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini via RT wrote:
> > On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT wrote:
> > > The server does not abort connection upon receiving a Client Hello
On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT wrote:
> > The server does not abort connection upon receiving a Client Hello
> > message with malformed session_id field.
> >
> > Affects 1.0.1, 1.0.2 and ma
On Thu, Oct 08, 2015 at 04:12:50PM +, Hubert Kario via RT wrote:
> The server does not abort connection upon receiving a Client Hello
> message with malformed session_id field.
>
> Affects 1.0.1, 1.0.2 and master.
>
> In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is
> def
On Thu, Oct 08, 2015 at 05:19:06PM +, Alessandro Ghedini via RT wrote:
> The problem most likely happens with SSLv2 backwards compatible ClientHello as
> well, but that seems to be easier to fix... or maybe it's time to just drop
> that compatibility code for v1.1?
I would love to have dropped
On Thursday 08 October 2015 17:19:06 Alessandro Ghedini via RT wrote:
> The problem most likely happens with SSLv2 backwards compatible
> ClientHello as well, but that seems to be easier to fix... or maybe
> it's time to just drop that compatibility code for v1.1?
There is quite a bit of clients t
On Thu, Oct 08, 2015 at 05:19:06PM +, Alessandro Ghedini via RT wrote:
> The problem most likely happens with SSLv2 backwards compatible ClientHello as
> well, but that seems to be easier to fix... or maybe it's time to just drop
> that compatibility code for v1.1?
I would love to have dropped
On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT wrote:
> The server does not abort connection upon receiving a Client Hello
> message with malformed session_id field.
>
> Affects 1.0.1, 1.0.2 and master.
>
> In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is
> defi
11 matches
Mail list logo