>> the 64 bit version of the test looks like it doesn't include >> the "Empty Fragments" security countermeasure > > If you're using TLS v1.1 or 1.2 then you shouldn't encounter empty > fragments on any version as they are not required any more as CBC mode > includes an explicit IV. The TLS tests are 1.0. The same code built on a 32 bit platform gives different results, though the initial negotiation looks the same. I've attached the 32/64 bit pcaps.
The tests that give problems, (DTLS and TLS), have three things in common: 1) They use OpenSSL 1.0.1 2) They are built on x86_64 3) They set the cipher list with a call to: SSL_CTX_set_cipher_list(ctx, [a very long cipher list]) The "very long cipher list" in question is a copy of this string: static const char ssl_1_0_0_ciphers[]= "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:" "DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:" "AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:" "EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:" "DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:" "DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:" "DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:" "SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:" "ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:" "EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5"; If I do any of the following the tests work as expected: - revert to OpenSSL 1.0.0h - build 32 bit - remove the cipher list, (use defaults)
tls-1.0-i686.pcap
Description: Binary data
tls-1.0-x86_64.pcap
Description: Binary data
