On Mon, Aug 27, 2001 at 03:37:11PM -0700, Alex Bereznyi wrote:
> I stumbled on a bug in ssl\s3_clnt.c, line 855, 
> in function ssl3_get_key_exchange(SSL *s)
> the limit on possible message size is hardcoded to 8K:
> 
>       n=ssl3_get_message(s,
>               SSL3_ST_CR_KEY_EXCH_A,
>               SSL3_ST_CR_KEY_EXCH_B,
>               -1,
>               1024*8, /* ?? */
>               &ok);
> 
> while using the latest Apache and mod_ssl 
> (Apache 1.3.17, Mod_SSL 2.8.0, OpenSSL 0.9.6)
> with SSLCipherSuite set to MEDIUM in Apache config,
> results in a message size of 9865 bytes,
> so SSL handshake fails with SSL_R_EXCESSIVE_MESSAGE_SIZE.
> 
> The fix is trivial, just use 10K or more for the limit, I tested it - works
> fine. Latest 0.9.6b build still has this problem,
> I hope this fix will make it into next release.

This problem has been fixed in the CVS tree on August 7, 2001 and the
fix will therefore be part of the next release.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
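
The size check discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a receiver validates the 4-byte handshake header (1-byte type, 3-byte big-endian length) against a caller-supplied maximum before reading the body, so the peer-declared length is bounded, but a bound set too low rejects a legitimate message. All function and constant names are hypothetical; treating 9865 as the declared body length and `-1` as "any type" are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Names below are hypothetical, chosen for this example only. */
enum hs_status { HS_OK = 0, HS_TRUNCATED, HS_UNEXPECTED_TYPE, HS_EXCESSIVE_SIZE };
#define HS_SERVER_KEY_EXCHANGE 12 /* handshake type value in SSLv3/TLS */
#define HS_HEADER_LEN 4           /* 1-byte type + 3-byte big-endian length */

/* Build a handshake header declaring body_len bytes (constructed input). */
static void hs_make_header(unsigned char out[HS_HEADER_LEN], unsigned char type, unsigned long body_len)
{
    out[0] = type;
    out[1] = (unsigned char)((body_len >> 16) & 0xff);
    out[2] = (unsigned char)((body_len >> 8) & 0xff);
    out[3] = (unsigned char)(body_len & 0xff);
}

/* Check the header before any body is read or buffered.
 * expected_type < 0 accepts any type (assumption of this example). */
static enum hs_status hs_check_header(const unsigned char *buf, size_t buf_len, int expected_type,
                                      unsigned long max_len, unsigned long *body_len)
{
    unsigned long len;
    if (buf == NULL || buf_len < HS_HEADER_LEN)
        return HS_TRUNCATED;
    if (expected_type >= 0 && buf[0] != expected_type)
        return HS_UNEXPECTED_TYPE;
    len = ((unsigned long)buf[1] << 16) | ((unsigned long)buf[2] << 8) | buf[3];
    if (len > max_len)            /* declared length exceeds the cap */
        return HS_EXCESSIVE_SIZE;
    if (body_len != NULL)
        *body_len = len;
    return HS_OK;
}

/* Status for a ServerKeyExchange declaring body_len bytes under max_len. */
static enum hs_status hs_try(unsigned long body_len, unsigned long max_len)
{
    unsigned char hdr[HS_HEADER_LEN];
    hs_make_header(hdr, HS_SERVER_KEY_EXCHANGE, body_len);
    return hs_check_header(hdr, sizeof hdr, HS_SERVER_KEY_EXCHANGE, max_len, NULL);
}

int main(void)
{
    printf("9865 bytes, 8K limit:  status %d\n", (int)hs_try(9865, 1024 * 8));
    printf("9865 bytes, 10K limit: status %d\n", (int)hs_try(9865, 1024 * 10));
    return 0;
}
```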
