On Wed, Nov 13, 2002 at 04:14:54PM -0800, Jeremiah Gowdy wrote:
> I am using OpenSSL 0.9.6d.  The application uses a Win32 compile, but this
> problem has been demonstrated under a FreeBSD compile too.
> 
> I was doing application development (not the topic of this email)
> interacting with an IBM developed SSL library.  I experienced unexpected
> disconnects immediately after the SSL handshake takes place.  According to
> the IBM developer, this is an OpenSSL bug due to an extra 24 bytes
> supposedly sent by OpenSSL after the handshake is complete.

You are probably experiencing an effect caused by the following change
for 0.9.6d:

  *) Implement a countermeasure against a vulnerability recently found
     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
     before application data chunks to avoid the use of known IVs
     with data potentially chosen by the attacker.

In order to work around this incompatibility, the following new option
was introduced for 0.9.6e:

  *) New option
          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
     that was added in OpenSSL 0.9.6d.

This option is automatically enabled if SSL_OP_ALL is set; please see
the SSL_CTX_set_options manual page.
Please update your version of OpenSSL, as beyond this particular problem
0.9.6d is known to have security vulnerabilities!!!

Best regards,
        Lutz
PS. Whether this is considered to be a "bug" on OpenSSL's side, or whether
OpenSSL is correct in sending an empty fragment and the peer's software is
incorrect, is another topic.
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
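
The empty-fragment countermeasure described in the message above is visible on the wire as a minimum-size application-data record sent ahead of each data record. The following is an added example, not part of the original post or of OpenSSL: it computes that minimum size and counts such records in a constructed stream of record headers. The 20-byte MAC and 8-byte block size are assumptions (the post does not name the cipher suite); with them an empty fragment has a 24-byte body, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Body length of a CBC-protected SSL 3.0/TLS 1.0 record with minimal padding:
 * plaintext + MAC + one padding-length byte, rounded up to the block size. */
size_t cbc_record_len(size_t plain, size_t mac, size_t block)
{
    return (plain + mac + 1 + block - 1) / block * block;
}
/* Walk the 5-byte record headers and count application-data records (type 23)
 * whose body has the size of an encrypted empty fragment and which are directly
 * followed by another application-data record. Length is only a heuristic: a
 * few plaintext bytes pad to the same size. Returns -1 on a truncated record. */
int count_empty_fragment_candidates(const uint8_t *buf, size_t len,
                                    size_t mac, size_t block)
{
    size_t empty = cbc_record_len(0, mac, block), off = 0;
    int prev_match = 0, hits = 0;
    while (off < len) {
        if (len - off < 5) return -1;
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (body > len - off - 5) return -1;
        int is_app = (buf[off] == 23);
        if (is_app && prev_match) hits++;
        prev_match = (is_app && body == empty);
        off += 5 + body;
    }
    return hits;
}
/* Constructed sample: TLS 1.0 headers only; bodies are not inspected. */
size_t build_sample(uint8_t *out)
{
    static const uint16_t type_len[][2] = {{22,40},{23,24},{23,64},{23,24},{23,32}};
    size_t off = 0;
    for (size_t i = 0; i < 5; i++) {
        size_t body = type_len[i][1];
        uint8_t hdr[5] = {(uint8_t)type_len[i][0], 3, 1, (uint8_t)(body >> 8), (uint8_t)body};
        memcpy(out + off, hdr, 5);
        off += 5 + body;
    }
    return off;
}

int main(void)
{
    uint8_t buf[256] = {0};
    printf("candidates: %d\n", count_empty_fragment_candidates(buf, build_sample(buf), 20, 8));
    return 0;
}
```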