[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken
Albe Laurenz via RT
rt at openssl.org
Fri Jan 15 13:53:00 UTC 2016
Hubert Kario wrote:
> The bug is still present in version tagged as OpenSSL_1_1_0-pre1
>
> Moreover I've verified that the miTLS implementation[1] shows expected
> behaviour - it accepts the interleaved application data everywhere but
> between CCS and Finished.
I don't know if that is feasible, but maybe it would be an option to
introduce a cache for all Application Data messages received during a
renegotiation handshake.
The wouldn't be processed right away, but are kept until the handshake
has finished and get processed after that.
Essentially a reordering of the received messages to avoid the problems.
Or is that a silly idea?
Yoours,
Laurenz Albe
More information about the openssl-dev
mailing list