On Wed, Jul 03, 2002 at 09:54:15AM -0400, Jeffrey Altman wrote:
Is there a summary somewhere of the changes that were made to the
SSLv3 and TLSv1 message exchanges to avoid the vulnerability in the
CBC cipher suites?
I'm not aware of a proper summary of all the issues involved.
In
I have found nothing in the SSL 3.0 and TLS 1.0 specifications that
forbids fragments of length zero. The length is given as a 'uint16'
value; the specification defines upper limits, but no lower limits.
draft-freier-ssl-version3-02.txt (SSL 3.0):
5.2.1 Fragmentation
The record
On Wed, Jul 03, 2002 at 12:07:01PM -0400, Jeffrey Altman wrote:
Can they cite a particular provision in the specification that forbids
records with a fragment length of zero? I haven't found one, and
length-zero fragments are handled well by many implementations
(including Microsoft IIS).
When OpenSSL inserts an empty fragment, it fragments a single message
into multiple parts, the first of which happens to be empty. I
concede that this might appear pointless as long as one doesn't know
about the CBC security issues, but nothing in the specification speaks
against it.