On 02/06/2013 03:07 PM, Holger Weiß wrote:
* Dr. Stephen Henson <st...@openssl.org> [2013-02-06 20:14]:
On Wed, Feb 06, 2013, Brad House wrote:
DHE-RSA-CAMELLIA256-SHA also has the same issue. I'm thinking it may be
a -SHA issue as the only -SHA cipher I've gotten to work so far is RC4-SHA.
Note though the TLSv1.2+HIGH ciphers that use SHA256 and greater look fine.
Hmmm... if it's a problem with the CVE-2013-0169 it would appear when you
select a ciphersuites using a block cipher.
I'm (most probably) seeing the same issue with the pre-shared key cipher
suites PSK-AES256-CBC-SHA, PSK-AES128-CBC-SHA, and PSK-3DES-EDE-CBC-SHA.
PSK-RC4-SHA works fine.
As "git bisect" revealed, the culprit is indeed commit 125093b59f3c.
Reverting it fixes the issue.
I'll revert 125093b59f3c and test as well.
In ssl/s3_cbc.c and the function ssl3_cbc_record_digest_supported try
setting it to return 0 when NID_sha1 is passed.
This doesn't help.
I agree, just tried it, still see the corruption symptom.
-Brad
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
