There seems to be a bug in ssl/s3_clnt.c in both 0.9.6g
and 0.9.7beta3. The problem is that the OpenSSL client software
will send an IllegalParameter alert and abort the handshake with certain SSLv3
and TLS servers.
In 0.9.6g, the code starts on line 643 (line 639 in 0.9.7beta3):
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
/* SSLref returns 16 :-( */
if (j < SSL2_SSL_SESSION_ID_LENGTH)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
goto f_err;
}
}
This code has the effect of causing the OpenSSL
client software to reject ServerHello messages with session IDs
of non-zero length less than 16 (SSL2_SSL_SESSION_ID_LENGTH == 16).
While this might be the thing to do for SSLv2 (the
ID had to be either 0 or 16 bytes in length in SSLv2), it is not the thing
to do for SSLv3 or TLS.
I don't see anything in the SSLv3 draft or the TLS RFC that
disallows the use of session IDs of length less than 16.
They just say that the session ID can be between 0 and 32 bytes
in length. Period.
This code should only reject these short session IDs if it
is speaking SSLv2; it should not do this for SSLv3 or TLS.
-Ivan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
