On Wed, Jul 23, 2014, Ted Unangst wrote:
> On Wed, Jul 23, 2014 at 10:20, Hanno Böck wrote:

> > Quick background: Some router firmwares from F5 have a bug that they
> > fail if the SSL handshake is between 256 and 511 bytes.

Is this the same problem discussed in
Message-ID: <20140410170056.gi12...@mournblade.imrryr.org>
on the openssl-users list?
Subject: Re: openssl update 1.0.1f to 1.0.1g broke sendmail
(SSL23_GET_SERVER_HELLO:tlsv1 alert decode error)

> > Following up that openssl and other major ssl implementations
> > introduced a TLS padding extension that does nothing else than padding
> > the handshake if it is between these sizes.

> hmm. the workaround isn't particularly intrusive imo. also, while our
> policy has been minimal workarounds, i think that applies to the host
> operating system. interop compat is a different beast.

Yes -- if it is the problem referenced above then it breaks
some other software, i.e., some MTAs.
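
The padding workaround quoted in this thread, sketched as an added example that is not part of any message above and is not OpenSSL's or any other library's code. Assumptions: the size is counted over the ClientHello handshake message (4-byte handshake header included, record header excluded), the extension type is 21 as assigned in RFC 7685, and `sample_hello` with its dummy extension `0xFFAA` is constructed test input.

```python
import struct

PADDING_EXT = 21       # padding extension type (RFC 7685)
LOW, HIGH = 256, 511   # size window named in the thread

def extensions_offset(hello: bytes) -> int:
    """Offset of the 2-byte extensions length inside a ClientHello message."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    if int.from_bytes(hello[1:4], "big") != len(hello) - 4:
        raise ValueError("handshake length field does not match")
    try:
        pos = 4 + 2 + 32                                      # header, version, random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    if pos + 2 + int.from_bytes(hello[pos:pos + 2], "big") != len(hello):
        raise ValueError("missing or inconsistent extensions block")
    return pos

def pad_client_hello(hello: bytes) -> bytes:
    """Append a padding extension when the message size is inside the window."""
    if not LOW <= len(hello) <= HIGH:
        return hello
    off = extensions_offset(hello)
    ext_len = int.from_bytes(hello[off:off + 2], "big")
    # The extension header costs 4 bytes, so sizes 508..511 get empty padding.
    fill = max(0, HIGH + 1 - len(hello) - 4)
    ext = struct.pack("!HH", PADDING_EXT, fill) + bytes(fill)
    body = hello[4:off] + struct.pack("!H", ext_len + len(ext)) + hello[off + 2:] + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def sample_hello(total: int) -> bytes:
    """Constructed ClientHello of exactly `total` bytes with one dummy extension."""
    ext = struct.pack("!HH", 0xFFAA, total - 51) + b"\xaa" * (total - 51)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for size in (255, 256, 300, 508, 511, 512):
        print(size, "->", len(pad_client_hello(sample_hello(size))))
```

Messages of 508 to 511 bytes end up slightly above 512 because the empty extension still carries its 4-byte header.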