[openssl-users] Broken ChangeCipherspec record in TLS 1.2 with OpenSSL 1.0.2d?
Matt Caswell
matt at openssl.org
Thu Aug 6 13:34:43 UTC 2015
On 06/08/15 13:48, Paul Hebert wrote:
> We are using a wildcard certificate requiring SNI and are also requiring
> client certificate authentication.
>
> Our TLS 1.2 client is seeing a ChangeCipherspec record with length 30
> bytes (x19) instead of the expected 0x01. The broken ChangeCipherspec
> record looks like this (hex) *14 03 03 00 01 19*.
That isn't the length byte:
14 = Record Content Type is a CCS message
03 03 = TLS 1.2
00 01 = Length of 1 byte
19 = 1 byte content of the CCS
The RFCs only define one valid value for the content of a CCS, and that
is the value 1 so this is an invalid message.
> Is this a problem
> with the TLS 1.2 client, or a problem with the OpenSSL 1.0.2d patch (for
> CVE-2015-1793)?
It is highly unlikely to be a problem with the 1.0.2d patch since
CVE-2015-1793 fixes a libcrypto problem. CCS messages are entirely
generated within libssl.
Looking at the code I can't see any way how the CCS content could be
anything other than one - it's hard coded in.
I assume from your description above that your client is not OpenSSL. I
would look there first, or perhaps some middleware box? Can you get a
packet capture of what OpenSSL is actually sending?
Matt
More information about the openssl-users
mailing list