On Thursday, 13 October 2016 23:33:19 CEST Ilari Liusvaara wrote:
> Ok, dumped the handshake using wireshark. Wireshark seems to think
> the SNI with two lengths is perfectly sane.

that's because wireshark doesn't perform length checks on many fields of TLS

There are both valid messages rejected by wireshark (fragmented over multiple 
records) and invalid messages accepted by wireshark.

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

TLS mailing list

Reply via email to