[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

[Stephen Henson via RT]

On Sun May 01 07:32:17 2016, henrik at newdawn.dk wrote:
> Thank you all for the assistance - trying to convince Qt/C++ SSL
> sockets to do as you've described by cutting down on ciphers. I did
> check std Google Chrome ClientHello which does only contain about 10
> cipher suites - where Qt seems to include a lot more (all supported) -
> so what i'm trying to determine now is which can I safely skip - based
> on name , bit, protocol - this is for a web browser so if anyone have
> any insight into which ciphers makes sense here that'd be greatly
> appreciated - for now i'm trying to just use the same as other
> browsers.

Ah I should've been a bit clearer. The -bugs option does *not* cut down the
number of ciphersuites it adds a bug workaround. If you set the flag
SSL_OP_TLSEXT_PADDING it should work with that server.

In a bit more detail. The original problem was triggered by a ClientHello 256
or more bytes in size and is the load balancer bug. After some consultation
with the vendor it turns out that the bug is triggered by a ClientHello between
256 and 511 bytes in size.So a workaround was developed that pads the
ClientHello so it exceeds 511 bytes in size if it would otherwise be between
256 and 511 bytes.

That's what that flag does if you set it.

So why isn't this the default behaviour of OpenSSL? Well it was at one point
but it turned out a separate implementation (which was OK otherwise) couldn't
handle the larger ClientHello with padding. So some buggy servers choke without
the flag and some with it.

The proper fix of course is for the affected server to update its load
balancing software: the bug is actually several years old now.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524
Please log in as guest with password guest if prompted