On 2014/07/23 18:36, Claus Assmann wrote:
On Wed, Jul 23, 2014, Ted Unangst wrote:
On Wed, Jul 23, 2014 at 10:20, Hanno Böck wrote:
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
Is this the same problem
Hi,
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
Following up that openssl and other major ssl implementations
introduced a TLS padding extension that does nothing else than padding
the handshake if it is between
On Wed, Jul 23, 2014 at 10:20:23AM +0200, Hanno B?ck wrote:
Hi,
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
F5 should issue fixes for their firmware.
Following up that openssl and other major ssl
On Wed, 23 Jul 2014 01:28:45 -0700
Loganaden Velvindron lo...@elandsys.com wrote:
On Wed, Jul 23, 2014 at 10:20:23AM +0200, Hanno B?ck wrote:
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
F5 should issue fixes
On 2014/07/23 10:36, Hanno Böck wrote:
On Wed, 23 Jul 2014 01:28:45 -0700
Loganaden Velvindron lo...@elandsys.com wrote:
On Wed, Jul 23, 2014 at 10:20:23AM +0200, Hanno B?ck wrote:
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between
An interesting thought Hanno - do we know what other implementations
(Polar, GnuTLS, etc.) do by default?
I'm inclined to agree that it never should have been done. Having said
that, before we nuke it we kind of
need to know if this is has become de-facto standard behaviour thanks
to OpenSSL
On Jul 23, 2014, at 8:04 AM, Bob Beck b...@obtuse.com wrote:
An interesting thought Hanno - do we know what other implementations
(Polar, GnuTLS, etc.) do by default?
PolarSSL does not generate the extension, but tolerates it on the server side.
GnuTLS generates it if you enable the %COMPAT
I think we can consider removing it, but I think it might be best to
wait until after the forthcoming OpenBSD release.
On Wed, Jul 23, 2014 at 8:01 AM, Brent Cook bust...@gmail.com wrote:
On Jul 23, 2014, at 8:04 AM, Bob Beck b...@obtuse.com wrote:
An interesting thought Hanno - do we know
On Wed, Jul 23, 2014 at 10:20, Hanno Böck wrote:
Hi,
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
Following up that openssl and other major ssl implementations
introduced a TLS padding extension that does
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
Following up that openssl and other major ssl implementations
introduced a TLS padding extension that does nothing else than padding
the handshake if it is
On Wed, Jul 23, 2014, Ted Unangst wrote:
On Wed, Jul 23, 2014 at 10:20, Hanno B??ck wrote:
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
Is this the same problem discussed in
Message-ID:
11 matches
Mail list logo