[openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

Hubert Kario via RT rt at openssl.org
Fri Sep 25 14:02:36 UTC 2015


On Friday 25 September 2015 13:55:56 Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 01:20:12pm +0000, Hubert Kario via RT wrote:
> > Current OpenSSL-1.0.1, 1.0.2 as well as state-machine-rewrite
> > branches reject Client Hello messages bigger than 2^14+4 bytes.
> 
> IIRC SSLv3 does place the limit at 2^14 or so bytes, so I think the
> problem is that OpenSSL only checks for that.

Yes, it does place a limit of 2^14, but only on _records_, not on the
handshake messages that travel in those records.

> I think a proper fix would be to have all the ssl_get_message() calls
> changed to use the proper "max" parameter depending on the protocol
> version.

As far as I can tell, SSLv3, TLS1.0, TLS1.1 and TLS1.2 are exactly the 
same in that they don't specify any upper size limit for the Handshake 
protocol messages or Client Hello specifically, other than the limits 
enforced by the length fields themselves.

Remember, the records are completely independent of the messages that 
travel through them; the record layer is just there to multiplex the 
different protocols that are required for TLS to work (handshake, CCS, 
application data, etc.)

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
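
Added example, not part of the original message and not OpenSSL code: a sketch of the framing discussed in this thread, where each record fragment is capped at 2^14 bytes while a handshake message is bounded only by its own 24-bit length field and may span several records. The function names, the `max_body` parameter and the sample data are assumptions made for illustration.

```python
import struct

MAX_RECORD_FRAGMENT = 2 ** 14     # record-layer limit on one fragment
MAX_HANDSHAKE_BODY = 2 ** 24 - 1  # most the 24-bit handshake length field can express
HANDSHAKE = 22                    # record content type: handshake
CLIENT_HELLO = 1                  # handshake message type: client_hello

def fragment_into_records(message, version=(3, 3)):
    """Sender side: spread one handshake message over as many records as needed."""
    records = b""
    for off in range(0, len(message), MAX_RECORD_FRAGMENT):
        chunk = message[off:off + MAX_RECORD_FRAGMENT]
        records += struct.pack("!BBBH", HANDSHAKE, *version, len(chunk)) + chunk
    return records

def reassemble_handshake(stream, max_body=MAX_HANDSHAKE_BODY):
    """Receiver side: return (msg_type, body, records_used) for the first message.

    max_body is a hypothetical per-message policy cap, separate from the record limit.
    """
    buf, pos, used = b"", 0, 0
    while True:
        if len(buf) >= 4:  # handshake header: 1-byte type + 3-byte length
            body_len = int.from_bytes(buf[1:4], "big")
            if body_len > max_body:
                raise ValueError("handshake message exceeds max_body")
            if len(buf) >= 4 + body_len:
                return buf[0], buf[4:4 + body_len], used
        if pos + 5 > len(stream):
            raise ValueError("stream ended before the message was complete")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype != HANDSHAKE:
            raise ValueError("non-handshake record inside a handshake message")
        if length > MAX_RECORD_FRAGMENT:
            raise ValueError("record fragment longer than 2^14 bytes")
        if pos + 5 + length > len(stream):
            raise ValueError("truncated record")
        buf += stream[pos + 5:pos + 5 + length]
        pos, used = pos + 5 + length, used + 1

# Constructed sample: client_hello header plus 20000 filler bytes (not a parseable hello).
SAMPLE_BODY = bytes(20000)
SAMPLE_MESSAGE = bytes([CLIENT_HELLO]) + len(SAMPLE_BODY).to_bytes(3, "big") + SAMPLE_BODY
SAMPLE_STREAM = fragment_into_records(SAMPLE_MESSAGE)

if __name__ == "__main__":
    msg_type, body, used = reassemble_handshake(SAMPLE_STREAM)
    print(msg_type, len(body), used)
```

Passing `max_body=2 ** 14` makes the receiver refuse the same sample even though every record in it is within the record limit, which is the distinction the message draws between the two limits.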