Composition of DES_CBC_SHA
markhack at markhack.com
Sun Mar 19 17:30:22 UTC 2023
Also POODLE - Padding Oracle on Downgrade to LEgacy, is a two part
Padding Oracle attacks on SSLv3 are well known BUT a large number of
people assumed if you offered higher levels of TLS that you could avoid
this unless a legacy client, which used only SSLv3, attached.
The POODLE attack showed clearly that you could force a downgrade to
legacy SSLv3 so just supporting it opened you to PO attacks.
As Viktor has pointed out, this is two fragments of
0x18 + 0x28 = 0x40 or 64 decimal which is indeed a multiple of 8.
On Sun, 2023-03-19 at 12:41 -0400, Viktor Dukhovni wrote:
> On Sun, Mar 19, 2023 at 03:09:47PM +0000, Ren Yanyu wrote:
> > I use SSL_write(ssl, buf, len) to send the data to a memory BIO and
> > read the encrypted message. For example, one of the messages reads:
> > 17 03 00 00 18
> > ab d0 3c ae 20 f5 f8 ad dd 92 06 83 32 bd fa 6a
> > 02 44 5d ec 7b 6d 0c 2b
> > 17 03 00 00 28
> > 66 45 37 06 e6 86 3e d2 cc 77 c1 0b 45 dd 96 0c
> > c3 7c 23 8e ea 72 fa a6 f0 67 74 28 38 ae 37 23
> > 92 b8 07 96 ce 0f d3 ea
> You're confusing TCP segments with TLS records. A single TCP segment
> can carry more than one TLS record (or fewer, if the record is longer
> than the TCP MSS, or is the last fragment of a long record).
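An added example (not part of the thread) that walks the quoted bytes as a TLS record stream, splitting on the 5-byte record header rather than on BIO/TCP read boundaries, and then uses the DES_CBC_SHA composition (8-byte block, 20-byte SHA-1 MAC, one padding_length byte, no explicit IV before TLS 1.1) to bound how much application data each record can carry. The content-type and version tables and the minimal-padding assumption are mine.

```python
import struct

# Constructed from the bytes quoted in the thread: one BIO read holding two
# SSLv3 application_data records, 0x18 and 0x28 bytes long.
STREAM = bytes.fromhex(
    "17 03 00 00 18 "
    "ab d0 3c ae 20 f5 f8 ad dd 92 06 83 32 bd fa 6a "
    "02 44 5d ec 7b 6d 0c 2b "
    "17 03 00 00 28 "
    "66 45 37 06 e6 86 3e d2 cc 77 c1 0b 45 dd 96 0c "
    "c3 7c 23 8e ea 72 fa a6 f0 67 74 28 38 ae 37 23 "
    "92 b8 07 96 ce 0f d3 ea"
)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}
DES_BLOCK, SHA1_MAC = 8, 20   # DES_CBC_SHA: 8-byte cipher block, 20-byte SHA-1 MAC


def split_records(stream):
    """Walk a byte stream record by record using the 5-byte header
    (type, major, minor, 16-bit length). A record that runs past the end of
    the stream is reported as truncated: its tail is in the next TCP segment."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"partial record header at offset {offset}")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[offset:offset + 5])
        if offset + 5 + length > len(stream):
            raise ValueError(f"record at offset {offset} declares {length} bytes, "
                             f"only {len(stream) - offset - 5} present")
        records.append({"offset": offset,
                        "type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
                        "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
                        "length": length})
        offset += 5 + length
    return records


def plaintext_range(enc_len, version, block=DES_BLOCK, mac=SHA1_MAC):
    """Application-data lengths an encrypted CBC record of enc_len bytes can hold.
    Body layout: [IV, TLS 1.1+ only] data || MAC || padding || padding_length.
    Assumes 0..block-1 bytes of padding (the SSLv3 rule; TLS 1.0 permits more)."""
    if enc_len % block:
        raise ValueError("CBC ciphertext is not a multiple of the block size")
    iv = block if version in ("TLS1.1", "TLS1.2") else 0
    hi = enc_len - iv - mac - 1          # no padding bytes beyond the length byte
    if hi < 0:
        raise ValueError("record too short to carry a MAC")
    return max(0, hi - (block - 1)), hi  # block-1 padding bytes .. none


if __name__ == "__main__":
    for r in split_records(STREAM):
        lo, hi = plaintext_range(r["length"], r["version"])
        print(f"{r['version']} {r['type']} at offset {r['offset']}: {r['length']} bytes "
              f"-> {lo}..{hi} bytes of application data")
```

For the quoted stream this reports two SSLv3 application_data records of 24 and 40 bytes, carrying at most 3 and 19 bytes of application data respectively; a stream cut mid-record raises instead of silently misparsing the tail as a new header.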