From: Jeffrey Altman <[EMAIL PROTECTED]>

jaltman> In ssl\s3_srvr.c ssl3_get_client_key_exchange() there is a call to
jaltman>
jaltman>     n=ssl3_get_message(s,
jaltman>         SSL3_ST_SR_KEY_EXCH_A,
jaltman>         SSL3_ST_SR_KEY_EXCH_B,
jaltman>         SSL3_MT_CLIENT_KEY_EXCHANGE,
jaltman>         400, /* ???? */
jaltman>         &ok);
jaltman>
jaltman> The problem is that the max message size of 400 is too small to
jaltman> contain a Kerberos 5 AP_REQ message. These messages can exceed 1K
jaltman> depending on the number of keys (and even authorization data) included
jaltman> in the message. Does anyone know why the number 400 was selected?
jaltman>
jaltman> What should this be?

Judging (sp?) from the code in s3_both.c, the number can be anything
from a programming point of view, so I'd say that any number you think
you can feel safe with should work. I have no real problem with
increasing that number to something like, say, 2048...

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken  \ S-168 35 BROMMA   \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN            \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: ssl3_get_client_key_exchange() ssl3_get_message() max length too small
Richard Levitte - VMS Whacker Wed, 15 Nov 2000 21:58:35 -0800
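
The length cap discussed in this thread, as an added example that is not OpenSSL's code and not part of either message: a handshake header carries a 1-byte type and a 3-byte big-endian length, and the receiver compares that length against a per-message maximum before buffering the body. The helper names, status codes and the 1200-byte AP_REQ-sized body are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define HS_HDR_LEN 4               /* 1-byte type + 3-byte length */
#define MT_CLIENT_KEY_EXCHANGE 16  /* handshake type of ClientKeyExchange */

enum hs_status { HS_OK, HS_TRUNCATED, HS_UNEXPECTED_TYPE, HS_TOO_LARGE };

/* Hypothetical helper: validate a handshake header before any body bytes
 * are buffered. The cap bounds how much memory a peer can make the
 * receiver commit for one message, so it is checked on the announced
 * length, not on what has arrived so far. */
static enum hs_status hs_check_header(const unsigned char *hdr, size_t hdr_len,
                                      int expected_type, unsigned long max,
                                      unsigned long *body_len)
{
    unsigned long l;

    if (hdr_len < HS_HDR_LEN)
        return HS_TRUNCATED;
    if (hdr[0] != expected_type)
        return HS_UNEXPECTED_TYPE;
    l = ((unsigned long)hdr[1] << 16) | ((unsigned long)hdr[2] << 8) | hdr[3];
    if (l > max)
        return HS_TOO_LARGE;       /* reject before allocating or reading */
    *body_len = l;
    return HS_OK;
}

/* Constructed input: a ClientKeyExchange header announcing `announced`
 * body bytes, checked against the cap `max`. */
static enum hs_status check_cke(unsigned long announced, unsigned long max)
{
    unsigned char hdr[HS_HDR_LEN];
    unsigned long body = 0;

    hdr[0] = MT_CLIENT_KEY_EXCHANGE;
    hdr[1] = (unsigned char)((announced >> 16) & 0xff);
    hdr[2] = (unsigned char)((announced >> 8) & 0xff);
    hdr[3] = (unsigned char)(announced & 0xff);
    return hs_check_header(hdr, sizeof hdr, MT_CLIENT_KEY_EXCHANGE, max, &body);
}

int main(void)
{
    /* 1200 bytes stands in for a Kerberos 5 AP_REQ that exceeds 1K. */
    printf("1200 bytes, cap 400:  %d\n", check_cke(1200, 400));
    printf("1200 bytes, cap 2048: %d\n", check_cke(1200, 2048));
    return 0;
}
```

With the cap at 400 the 1200-byte message is refused at the header; at 2048 it is accepted, while anything announcing more than 2048 bytes is still refused.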
