On Mon, Oct 9, 2023 at 11:55 AM Gentry Deng via nginx <nginx@nginx.org> wrote:
>
> ...
> I'm able to reproduce the problem. It looks like a bug in www.paypal.cn's
> server. They didn't implement TLS 1.2 correctly. Specifically, they do not
> correctly handle when the ClientHello comes in in two reads. Before Kyber,
> this wasn't very common because ClientHellos usually fit in a packet. But
> Kyber makes ClientHellos larger, so it is possible to get only a partial
> ClientHello in the first read, and require a second read to try again. This
> is something that any TCP-based application needs to handle; you may not have
> gotten the whole message on a given read and need to keep on reading.
>
> www.paypal.cn will need to fix their server to correctly handle this case.
It sounds like this, assuming they are using an F5: <https://my.f5.com/manage/s/article/K72042050>.

Broken middleware is always interesting. One of my favorites was Ironport and its fixed-size buffer for a ClientHello that resulted in buffer overflows and crashes when TLS 1.1 and TLS 1.2 increased the size of a ClientHello due to additional cipher suites. See <https://www.mail-archive.com/openssl-users@openssl.org/msg73489.html>.

Jeff
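The partial-read handling the quoted message describes, as an added illustration that is not part of this thread: a reader that buffers bytes across successive reads until a complete ClientHello has arrived, including the case where the handshake message is fragmented across several TLS records, and with an explicit size bound instead of a silently overflowing fixed buffer. The ClientHello builder, its dummy key_share payload (extension type 51) and the record sizes are constructed here for the example.

```python
import struct

RECORD_HDR = 5        # TLS record header: content type (1), version (2), length (2)
HANDSHAKE_HDR = 4     # handshake header: msg_type (1), length (3)
CT_HANDSHAKE = 22
HT_CLIENT_HELLO = 1
MAX_BUFFERED = 65536  # explicit bound; exceeding it is an error, not an overflow

class ClientHelloReader:
    """Accumulates bytes across reads until one complete ClientHello is present."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk):
        """Append one read's worth of bytes. Return the ClientHello body once all of
        it has arrived (possibly over several records and reads), otherwise None."""
        self.buf += chunk
        if len(self.buf) > MAX_BUFFERED:
            raise ValueError("ClientHello exceeds buffer limit")
        body, pos = bytearray(), 0
        while True:
            if len(self.buf) - pos < RECORD_HDR:
                return None                         # record header not yet complete
            ctype, _ver, rlen = struct.unpack("!BHH", self.buf[pos:pos + RECORD_HDR])
            if ctype != CT_HANDSHAKE:
                raise ValueError("expected a handshake record, got type %d" % ctype)
            if len(self.buf) - pos < RECORD_HDR + rlen:
                return None                         # record payload still partial
            body += self.buf[pos + RECORD_HDR:pos + RECORD_HDR + rlen]
            pos += RECORD_HDR + rlen
            if len(body) >= HANDSHAKE_HDR:
                if body[0] != HT_CLIENT_HELLO:
                    raise ValueError("expected ClientHello")
                mlen = int.from_bytes(body[1:4], "big")
                if len(body) >= HANDSHAKE_HDR + mlen:
                    return bytes(body[HANDSHAKE_HDR:HANDSHAKE_HDR + mlen])

def build_client_hello(key_share_len):
    """Constructed minimal ClientHello; the key_share extension (type 51) carries a
    dummy payload of key_share_len bytes standing in for a large PQ key share."""
    ext = struct.pack("!HH", 51, key_share_len) + b"\x00" * key_share_len
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"      # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"       # one cipher suite
            + b"\x01\x00"                               # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    return bytes([HT_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body

def to_records(handshake, max_fragment=16384):
    """Wrap a handshake message in TLS records, splitting it if it exceeds max_fragment."""
    out = b""
    for i in range(0, len(handshake), max_fragment):
        frag = handshake[i:i + max_fragment]
        out += struct.pack("!BHH", CT_HANDSHAKE, 0x0303, len(frag)) + frag
    return out
```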