[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Stephen Henson via RT
On Sat Apr 30 21:23:30 2016, hen...@newdawn.dk wrote:
> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts? It is possible to have the host

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Viktor Dukhovni
> On Apr 30, 2016, at 5:26 PM, Salz, Rich wrote:
>
>> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts?
>
> It's

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Salz, Rich
> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts?

It's a known bug, and openssl can work-around the bug by configuring as described.

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Salz, Rich via RT
> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts?

It's a known bug, and openssl can work-around the bug by configuring as described.

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Henrik Hofmeister via RT
Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts? It is possible to have the host correctly list its supported protocols using nmap - I'd assume

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Kurt Roeckx via RT
On Sat, Apr 30, 2016 at 08:59:46PM +, Matt Caswell via RT wrote:
>
> This is not a bug in OpenSSL. The problem here is that the server is behaving incorrectly when receiving large ClientHello messages. The ClientHello is the first message that is sent from the client to the server. If a

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Matt Caswell via RT
On Sat Apr 30 19:51:51 2016, hen...@newdawn.dk wrote:
> Hi there
>
> I've recently come across what looks to be an internal bug in openssl:
>
> Original symptoms was that neither "curl" or "wget" could access the following site:
>
> https://coverage.tre.se - this site is using TLS 1.0 (only) and

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Henrik Hofmeister via RT
Hi there

I've recently come across what looks to be an internal bug in openssl:

Original symptoms was that neither "curl" or "wget" could access the following site:

https://coverage.tre.se - this site is using TLS 1.0 (only) and does have some pretty crazy certificate issues - but does show