> I have found nothing in the SSL 3.0 and TLS 1.0 specifications that
> forbids fragments of length zero.  The length is given as a 'uint16'
> value; the specification defines upper limits, but no lower limits.
> 
> draft-freier-ssl-version3-02.txt (SSL 3.0):
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 5.2.1 Fragmentation
> 
>    The record layer fragments information blocks into SSLPlaintext
>    records of 2^14 bytes or less.  [...]
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> 
> RFC 2246 (TLS 1.0):
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 6.2.1. Fragmentation
> 
>    The record layer fragments information blocks into TLSPlaintext
>    records carrying data in chunks of 2^14 bytes or less. [...]
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> 
> 
> > I have come across a large commercial user of SSL services for whom
> > the workaround fails.  The transmission of the data frame with no
> > application data generates an SSL Alert causing the application to
> > close the connection.  The developers of the SSL library being used
> > have replied that SSLv3 does not permit data frames containing no
> > application data.  
> 
> Can they cite a particular provision in the specification that forbids
> records with a fragment length of zero?  I haven't found one, and
> length-zero fragments are handled well by many implementations
> (including Microsoft IIS).

Bodo:

Thanks for the reply.  They are quoting:

  draft-netscape-ssl-v2
  1.1 SSL Record Header Format

     In SSL, all data sent is encapsulated in a record, an object which is
     composed of a header and some non-zero amount of data

  RFC2246
  6.2. Record layer

   The TLS Record Layer receives uninterpreted data from higher layers
   in non-empty blocks of arbitrary size.



 Jeffrey Altman * Sr.Software Designer     Kermit 95 2.0 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and 
 [EMAIL PROTECTED]               OpenSSL.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
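
An added illustration of the disagreement in this thread; it is not part of the original messages and is not OpenSSL code. It walks plaintext records by their 5-byte header, enforces the 2^14 upper limit quoted above, and uses a hypothetical `reject_empty` switch to model a peer that refuses length-zero application data fragments. The sample bytes, the names and the status codes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REC_HDR_LEN         5      /* type(1) + version(2) + length(2) */
#define REC_MAX_FRAGMENT    16384  /* 2^14, the upper limit quoted in the thread */
#define CT_APPLICATION_DATA 23     /* application_data content type */

enum { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LONG = -2, REC_EMPTY_REJECTED = -3 };
struct rec_stats { int records; int empty_app_data; };

/* Constructed sample: an empty application_data record, then one carrying "hello". */
static const uint8_t sample[] = {
    0x17, 0x03, 0x01, 0x00, 0x00,
    0x17, 0x03, 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'
};

/* Walk plaintext records in buf. reject_empty (hypothetical switch) picks the reading:
 * 0 accepts length-zero fragments, 1 refuses them, like the peer in the thread. */
int walk_records(const uint8_t *buf, size_t len, int reject_empty, struct rec_stats *st)
{
    size_t off = 0;
    st->records = st->empty_app_data = 0;
    while (off < len) {
        if (len - off < REC_HDR_LEN)
            return REC_TRUNCATED;              /* incomplete header */
        uint8_t type = buf[off];
        size_t frag = ((size_t)buf[off + 3] << 8) | buf[off + 4];  /* uint16, big-endian */
        if (frag > REC_MAX_FRAGMENT)
            return REC_TOO_LONG;               /* upper limit from 5.2.1 / 6.2.1 */
        if (len - off - REC_HDR_LEN < frag)
            return REC_TRUNCATED;              /* body shorter than declared */
        if (frag == 0 && type == CT_APPLICATION_DATA) {
            if (reject_empty)
                return REC_EMPTY_REJECTED;     /* strict peer: would answer with an alert */
            st->empty_app_data++;              /* lenient peer: nothing to deliver */
        }
        st->records++;
        off += REC_HDR_LEN + frag;
    }
    return REC_OK;
}

int main(void)
{
    struct rec_stats st;
    printf("lenient: %d\n", walk_records(sample, sizeof sample, 0, &st));
    printf("strict:  %d\n", walk_records(sample, sizeof sample, 1, &st));
    return 0;
}
```

Counting `empty_app_data` on the lenient path gives a receiver a way to notice peers that send empty records without dropping the connection.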
