[openssl-dev] [openssl.org #4063] Client Hello longer than 2^14 bytes are rejected

Alessandro Ghedini alessandro at ghedini.me
Fri Sep 25 17:29:41 UTC 2015


On Fri, Sep 25, 2015 at 07:06:31PM +0200, Hubert Kario wrote:
> (since we're not talking about OpenSSL any more, I'm dropping the RT)
> 
> On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> > FWIW I checked a couple of TLS implementations I have around (GnuTLS
> > and s2n), and AFAICT they don't check for a maximum size at all.
> 
> What do you mean by that? As we've said with Matt, you can't create a
> valid Client Hello bigger than 131396 bytes...
> 
> or do you mean that they accept malformed Client Hello messages?
> or that they do accept SSLv3 Client Hellos with arbitrary sized junk at
> the end?

No and no. I meant that OpenSSL seems to be the only implementation (among the
ones that I checked) to perform maximum length checks on handshake messages.
That is, checking that the message doesn't exceed a pre-defined maximum length
by only looking at the message type and length fields, before even trying to
parse the message body.

The fact that the other libraries don't do this check at all suggests that
increasing the limit in OpenSSL (or even removing the limit completely)
shouldn't affect it negatively.

Cheers
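The pre-parse length check discussed in this reply, as an added C example that is not OpenSSL's code: it looks only at the handshake message type and 24-bit length fields and rejects a message whose declared length exceeds a configured maximum, before any body parsing. The 2^14-byte limit from the subject line and the 131396-byte figure from the quoted message are used as constructed limits; the sample header and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Handshake message type for ClientHello (TLS HandshakeType). */
#define TLS_HS_CLIENT_HELLO 1

/* Two limits from the thread: OpenSSL's 2^14-byte cap and the
 * 131396-byte maximum cited for a valid Client Hello. */
#define HS_MAX_LEN_OLD    16384u
#define HS_MAX_LEN_THREAD 131396u

enum hs_check {
    HS_OK = 0,
    HS_ERR_SHORT,    /* fewer than the 4 header bytes available */
    HS_ERR_TYPE,     /* not the expected handshake message type */
    HS_ERR_TOO_LONG  /* declared body length exceeds the configured maximum */
};

struct hs_hdr {
    uint8_t  msg_type;
    uint32_t length;  /* 24-bit body length taken from the header */
};

/* Inspect only the type and length fields; do not touch the body. */
enum hs_check hs_check_header(const uint8_t *buf, size_t len,
                              uint8_t expect_type, uint32_t max_len,
                              struct hs_hdr *out)
{
    if (len < 4)
        return HS_ERR_SHORT;
    out->msg_type = buf[0];
    out->length = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    if (out->msg_type != expect_type)
        return HS_ERR_TYPE;
    if (out->length > max_len)
        return HS_ERR_TOO_LONG;
    return HS_OK;
}

/* Constructed header: ClientHello declaring a 20000-byte body (0x004E20). */
static const uint8_t sample_hdr[4] = { TLS_HS_CLIENT_HELLO, 0x00, 0x4E, 0x20 };

/* Run the check on the constructed header with a given limit. */
enum hs_check check_sample(size_t avail, uint32_t max_len, uint32_t *declared)
{
    struct hs_hdr h = { 0, 0 };
    enum hs_check r = hs_check_header(sample_hdr, avail, TLS_HS_CLIENT_HELLO,
                                      max_len, &h);
    if (declared)
        *declared = h.length;
    return r;
}

int main(void)
{
    uint32_t n;
    enum hs_check r_old = check_sample(4, HS_MAX_LEN_OLD, &n);
    enum hs_check r_new = check_sample(4, HS_MAX_LEN_THREAD, NULL);
    printf("declared %u bytes: 2^14 limit -> %d, 131396 limit -> %d\n",
           n, (int)r_old, (int)r_new);
    return 0;
}
```

The same 20000-byte Client Hello header is rejected under the 2^14 limit and accepted under the 131396-byte one, which is the difference the thread is about.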