This change causes a number of problems, not least of which is that Kerberos ciphersuites no longer work at all on OpenSSL 0.9.8e.
In more detail:

1. We should check pms not p for the version info. If the rollback bug flag is to tolerate clients (including OpenSSL before this) which put random data at the start of pms, we should ignore the start when the rollback bug flag is set.

2. The change to the server state machine does not include the corresponding change to the client state machine. This causes a fatal "unexpected message" alert when attempting to use any Kerberos ciphersuites.

3. This change breaks interoperability with OpenSSL's previous (broken) behaviour. This will have an impact on deployed servers/clients using OpenSSL 0.9.8d or earlier. It is possible to make the new client code tolerate older (broken) OpenSSL servers, but we can't make older clients work with the new server without reproducing the old buggy behaviour.

I've committed a fix to 1 and 2. For 3, for now I've set it to tolerate older servers silently. We might want to remove that change or have it only enabled when a certain bugs flag is set.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
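The following is an added illustration of point 1 above; it is not OpenSSL's code and not part of the original message. It models a server receiving an RFC 2712 KerberosWrapper (three length-prefixed fields: ticket, authenticator, encrypted pre-master secret), "decrypting" the last field with a constructed XOR stand-in for the Kerberos session-key unwrap, and then comparing the version bytes found in the decrypted pms rather than in the raw message p. The option bit OPT_TLS_ROLLBACK_BUG, the function names and the sample message contents are all assumptions made for the example.

```c
/* Added example: version check on a Kerberos pre-master secret.
 * Not OpenSSL code; names, option bit and sample data are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48

/* Hypothetical option bit standing in for the rollback-bug flag. */
#define OPT_TLS_ROLLBACK_BUG 0x01UL

/* Constructed stand-in for unwrapping with the Kerberos session key:
 * a fixed byte-wise XOR (its own inverse). */
static void toy_decrypt(const unsigned char *in, unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ 0x5a;
}

/* Walk the three length-prefixed opaque fields of a KerberosWrapper and
 * return a pointer to the encrypted pre-master secret (field 3) and its
 * length, or NULL if the message is truncated or malformed. */
static const unsigned char *krb5_cke_enc_pms(const unsigned char *p, size_t n,
                                             size_t *enc_len)
{
    size_t off = 0;
    for (int field = 0; field < 3; field++) {
        if (n - off < 2)
            return NULL;
        size_t len = ((size_t)p[off] << 8) | p[off + 1];
        off += 2;
        if (len > n - off)
            return NULL;                     /* length runs past the message */
        if (field == 2) {
            *enc_len = len;
            return p + off;
        }
        off += len;
    }
    return NULL;
}

/* Server-side check: decrypt first, then compare the version bytes in the
 * decrypted pms (not in the raw message p). With the rollback-bug option
 * set, the first two bytes are ignored, since older clients may have put
 * random data there. Returns 1 if acceptable, 0 otherwise; on success the
 * decrypted pms is written to pms_out. */
int krb5_check_client_key_exchange(const unsigned char *p, size_t n,
                                   int client_major, int client_minor,
                                   unsigned long options,
                                   unsigned char pms_out[PMS_LEN])
{
    size_t enc_len;
    const unsigned char *enc = krb5_cke_enc_pms(p, n, &enc_len);
    if (enc == NULL || enc_len != PMS_LEN)
        return 0;
    toy_decrypt(enc, pms_out, PMS_LEN);
    if (options & OPT_TLS_ROLLBACK_BUG)
        return 1;                            /* tolerate the broken prefix */
    return pms_out[0] == client_major && pms_out[1] == client_minor;
}

/* Build a constructed ClientKeyExchange body: dummy ticket and
 * authenticator, and a pms whose first two bytes are major, minor
 * followed by filler. Returns the number of bytes written, 0 on error. */
size_t build_sample_cke(unsigned char *buf, size_t cap, int major, int minor)
{
    static const unsigned char ticket[] = {0xde, 0xad, 0xbe, 0xef};
    static const unsigned char authenticator[] = {0xca, 0xfe};
    unsigned char pms[PMS_LEN];
    size_t off = 0;

    if (cap < 6 + sizeof ticket + sizeof authenticator + PMS_LEN)
        return 0;
    memset(pms, 0x11, sizeof pms);
    pms[0] = (unsigned char)major;
    pms[1] = (unsigned char)minor;

    buf[off++] = 0; buf[off++] = (unsigned char)sizeof ticket;
    memcpy(buf + off, ticket, sizeof ticket);
    off += sizeof ticket;

    buf[off++] = 0; buf[off++] = (unsigned char)sizeof authenticator;
    memcpy(buf + off, authenticator, sizeof authenticator);
    off += sizeof authenticator;

    buf[off++] = 0; buf[off++] = PMS_LEN;
    toy_decrypt(pms, buf + off, PMS_LEN);    /* XOR "encrypts" as well */
    off += PMS_LEN;
    return off;
}
```

Note that the check is deliberately applied after decryption: a version comparison against bytes of the raw message p would never see the client version at all, which is the mistake point 1 describes. With OPT_TLS_ROLLBACK_BUG set, a pms whose first two bytes do not match is still accepted, which is the interoperability trade-off point 3 discusses.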
