[openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

Hubert Kario hkario at redhat.com
Fri Sep 25 17:06:31 UTC 2015


(since we're not talking about OpenSSL any more, I'm dropping the RT)

On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> FWIW I checked a couple of TLS implementations I have around (GnuTLS
> and s2n), and AFAICT they don't check for a maximum size at all.

What do you mean by that? As we've said with Matt, you can't create a
valid Client Hello bigger than 131396 bytes...

Or do you mean that they accept malformed Client Hello messages?
Or that they do accept SSLv3 Client Hellos with arbitrary-sized junk at
the end?
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
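As an added illustration of the 131396-byte figure discussed above (example code, not part of the thread or of OpenSSL), the following Python derives that bound from the ClientHello vector limits in RFC 5246, constructs a structurally maximal ClientHello body, and parses it strictly so that trailing junk after the extensions block is rejected. It assumes TLS 1.2 body encoding without the 4-byte handshake header; the extension type 0xff01 and the all-zero field contents are constructed sample values.

```python
import struct

# Vector bounds from the ClientHello structure in RFC 5246 section 7.4.1.2.
MAX_SESSION_ID = 32               # opaque SessionID<0..32>
MAX_CIPHER_SUITES_BYTES = 2**16 - 2   # CipherSuite cipher_suites<2..2^16-2>
MAX_COMPRESSION_BYTES = 2**8 - 1      # CompressionMethod compression_methods<1..2^8-1>
MAX_EXTENSIONS_BYTES = 2**16 - 1      # Extension extensions<0..2^16-1>

def max_client_hello_body_len():
    """Largest ClientHello body the structure permits (handshake header excluded)."""
    return (2 + 32                          # client_version + random
            + 1 + MAX_SESSION_ID            # session_id length byte + data
            + 2 + MAX_CIPHER_SUITES_BYTES   # cipher_suites length + data
            + 1 + MAX_COMPRESSION_BYTES     # compression_methods length + data
            + 2 + MAX_EXTENSIONS_BYTES)     # extensions length + data

def build_max_client_hello():
    """Constructed sample: every variable-length field at its upper bound."""
    body = b"\x03\x03" + b"\x00" * 32                       # TLS 1.2, zero random
    body += bytes([MAX_SESSION_ID]) + b"\x00" * MAX_SESSION_ID
    body += struct.pack("!H", MAX_CIPHER_SUITES_BYTES)
    body += b"\x00\x2f" * (MAX_CIPHER_SUITES_BYTES // 2)    # repeated suite id
    body += bytes([MAX_COMPRESSION_BYTES]) + b"\x00" * MAX_COMPRESSION_BYTES
    # One extension (constructed type 0xff01) whose data fills the whole block.
    ext_data_len = MAX_EXTENSIONS_BYTES - 4                 # minus type + length
    body += struct.pack("!H", MAX_EXTENSIONS_BYTES)
    body += struct.pack("!HH", 0xFF01, ext_data_len) + b"\x00" * ext_data_len
    return body

def parse_client_hello(body):
    """Strict parser: enforce each vector bound, forbid truncation and trailing bytes."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk
    version, rnd = take(2), take(32)
    sid_len = take(1)[0]
    if sid_len > MAX_SESSION_ID:
        raise ValueError("session_id too long")
    session_id = take(sid_len)
    cs_len = struct.unpack("!H", take(2))[0]
    if cs_len < 2 or cs_len > MAX_CIPHER_SUITES_BYTES or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    cipher_suites = take(cs_len)
    cm_len = take(1)[0]
    if cm_len < 1:
        raise ValueError("bad compression_methods length")
    compression = take(cm_len)
    extensions = b""
    if pos < len(body):                      # extensions block is optional
        extensions = take(struct.unpack("!H", take(2))[0])
    if pos != len(body):
        raise ValueError("trailing junk after ClientHello")
    return {"version": version, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression": compression,
            "extensions": extensions}

def is_well_formed(body):
    """True if the body parses under the strict rules above, False otherwise."""
    try:
        parse_client_hello(body)
        return True
    except ValueError:
        return False
```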