[openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)
Kurt Roeckx via RT
rt at openssl.org
Thu Oct 8 17:27:20 UTC 2015
On Thu, Oct 08, 2015 at 05:19:06PM +0000, Alessandro Ghedini via RT wrote:
> The problem most likely happens with SSLv2 backwards compatible ClientHello as
> well, but that seems to be easier to fix... or maybe it's time to just drop
> that compatibility code for v1.1?
I would love to have dropped that too, but 0.9.8 still sends such
client hello. I think we're stuck with having to support that for
a while longer.
Kurt
More information about the openssl-dev
mailing list