Re: [openssl.org #3400] ccs received early

2014-06-14 Thread Kurt Roeckx via RT
On Thu, Jun 12, 2014 at 06:00:05PM +0200, Kurt Roeckx wrote: On Thu, Jun 12, 2014 at 02:06:53PM +0200, Florian Weimer wrote: On 06/12/2014 01:28 PM, Salz, Rich wrote: Since the patch for CVE-2014-0224 I've so far received 2 reports about people getting the error: ccs received early.

Re: [openssl.org #3400] ccs received early

2014-06-14 Thread Viktor Dukhovni
On Sat, Jun 14, 2014 at 04:23:13PM +0200, Kurt Roeckx via RT wrote: Yes. As far as I can see all reports are about 0.9.8o sending large amounts of data to 1.0.1e. So I can reproduce it. But I can only seem to be reproducing it when using postgres having a 1.0.1 talk to a 0.9.8. For me

Re: [openssl.org #3400] ccs received early

2014-06-14 Thread Kurt Roeckx via RT
On Sat, Jun 14, 2014 at 04:42:19PM +, Viktor Dukhovni wrote: On Sat, Jun 14, 2014 at 04:23:13PM +0200, Kurt Roeckx via RT wrote: Yes. As far as I can see all reports are about 0.9.8o sending large amounts of data to 1.0.1e. So I can reproduce it. But I can only seem to be

Re: [openssl.org #3400] ccs received early

2014-06-14 Thread Viktor Dukhovni
On Sat, Jun 14, 2014 at 07:12:06PM +0200, Kurt Roeckx via RT wrote: So it's 0.9.8o (+patches) (server, sending data) talking to OpenSSL_1_0_1-stable (client). After some data transfer I see:
s-c: Hello Request
c-s: Client Hello
s-c: Server Hello, Certificate, Server Hello Done
c-s: Client

[openssl.org #3400] ccs received early

2014-06-14 Thread Stephen Henson via RT
Fixed now: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3b77f01702cbbb75c77 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org

Re: [openssl.org #3400] ccs received early

2014-06-12 Thread Florian Weimer
On 06/12/2014 01:28 PM, Salz, Rich wrote: Since the patch for CVE-2014-0224 I've so far received 2 reports about people getting the error: ccs received early. So they kiddies can read. We thought so, but good to have confirmation. Thanks! What do you mean? As far as I can tell, this is

Re: [openssl.org #3400] ccs received early

2014-06-12 Thread Kurt Roeckx
On Thu, Jun 12, 2014 at 02:06:53PM +0200, Florian Weimer wrote: On 06/12/2014 01:28 PM, Salz, Rich wrote: Since the patch for CVE-2014-0224 I've so far received 2 reports about people getting the error: ccs received early. So they kiddies can read. We thought so, but good to have