On Thursday, 13 October 2016 23:33:19 CEST Ilari Liusvaara wrote: > Ok, dumped the handshake using wireshark. Wireshark seems to think > the SNI with two lengths is perfectly sane.
that's because wireshark doesn't perform length checks on many fields of TLS There are both valid messages rejected by wireshark (fragmented over multiple records) and invalid messages accepted by wireshark. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls