The branch master has been updated via edaff9123a6cb70d686b93455572f9cf313563d5 (commit) from 37de7802c8761a93ce77322f3e840240d458a5bc (commit)
- Log ----------------------------------------------------------------- commit edaff9123a6cb70d686b93455572f9cf313563d5 Author: Benjamin Kaduk <bka...@akamai.com> Date: Thu Mar 12 13:48:19 2020 -0700 Add FAQ entry for "server sends HTTP headers in a loop" Older versions of a few commercial HTTPS servers don't handle extended-master-secret and/or encrypt-then-mac very well, but we end up getting asked about this weird behavior that shows up when people upgrade to OpenSSL 1.1.0 clients. Text largely taken from the discussion at https://github.com/openssl/openssl/issues/9360 . Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Reviewed-by: Mark J. Cox <m...@awe.com> Reviewed-by: Paul Dale <paul.d...@oracle.com> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/web/pull/157) ----------------------------------------------------------------------- Summary of changes: docs/faq-2-user.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/faq-2-user.txt b/docs/faq-2-user.txt index 74126ab..3bc8ff7 100644 --- a/docs/faq-2-user.txt +++ b/docs/faq-2-user.txt 
@@ -213,3 +213,18 @@ this increases the size of the default ClientHello message to more than 255 bytes in length. Some software cannot handle this and hangs. +* Some secure servers emit an infinite loop of HTTP headers with an OpenSSL + 1.1.0 client, is this a bug? + + OpenSSL 1.1.0 introduced support for several new TLS extensions, including + encrypt-then-mac and extended-master-secret, both of which provide + significant security improvements. Unfortunately, some deployed TLS + servers are severely broken and do not implement extensibility in a + standards-compliant manner; these servers may exhibit strange behavior + such as repeating the HTTP headers in a loop after receiving a ClientHello + that includes such TLS extensions unknown to them. While these new TLS + extensions provide significant security benefits to clients and are + accordingly enabled by default in modern TLS clients, if bringing the + server into compliance is not possible, the extension(s) in question can + be disabled on a per-connection basis when talking to the buggy server, by + using SSL_set_options(3).
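Review bot: the new entry tells the reader to disable "the extension(s) in question" via SSL_set_options(3) but never names the option flags, so the answer is not actionable as written; consider naming SSL_OP_NO_ENCRYPT_THEN_MAC and SSL_OP_NO_EXTENDED_MASTER_SECRET explicitly, or at least pointing at their entries in the SSL_CTX_set_options(3) page, and mentioning that the same flags can be set on an SSL_CTX for applications that have a dedicated context for the broken server. It would also help to state plainly that the opt-out should apply only to connections to that server, since the paragraph itself says the extensions carry significant security benefits, and to use "HTTPS servers" rather than "secure servers" in the question, matching the commit message and the surrounding entries.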