One of our engineers says this:

FWIW, looking at the code, the problematic chunk, added to ssl/s23_clnt.c by 
tls12_workarounds.patch, was

@@ -467,6 +469,15 @@
                               
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                               return -1;
                               }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+                       /* Some servers hang if client hello > 256 bytes
+                        * as hack workaround chop number of supported ciphers
+                        * to keep it well below this if we use TLS v1.2
+                        */
+                       if (TLS1_get_version(s) >= TLS1_2_VERSION
+                               && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+                               i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
                       s2n(i,p);
                       p+=i;
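Review bot: the cap in this hunk is applied to `i`, which at this point is the byte length of the encoded cipher list (the same value written by `s2n(i,p)` and added to `p`), so OPENSSL_MAX_TLS1_2_CIPHER_LENGTH limits bytes, not ciphers as the comment ("chop number of supported ciphers") suggests; at two bytes per suite a value of 50 keeps only the first 25 suites of the configured list and silently drops the rest. Suggest the comment state the unit and the effect explicitly (the `& ~1` only keeps the length even), and that the guard use the same version accessor as the preceding ssl_cipher_list_to_bytes call, which per the discussion keys on TLS1_get_client_version(s) rather than TLS1_get_version(s); otherwise the list is built under one version check and truncated under another.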

OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is defined to 50, and is actually the
number of bytes to use for the cipher list in the handshake, not the
number of ciphers. Each cipher uses 2 bytes, so we actually get only 25
ciphers.

And somebody that knows openssl might want to double-check that call to
TLS1_get_version(s) - right before this chunk, there's a call to the
function that actually adds the ciphers to the handshake buffer
(ssl_cipher_list_to_bytes). That function compares the return value of
TLS1_get_client_version(s) with TLS1_2_VERSION and then decides to skip
the TLS1.2-only ciphers, which puts RC4-SHA among the first 50.

Either changing OPENSSL_MAX_TLS1_2_CIPHER_LENGTH to 100 (which actually
means 50 ciphers) or changing the TLS1_get_version(s) to
TLS1_get_client_version(s) fixes things, though I have no idea what this
last change means.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147

Title:
  openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
