On Friday 25 September 2015 14:20:40 Hubert Kario wrote:
> On Friday 25 September 2015 11:40:27 Matt Caswell wrote:
> > On 25/09/15 11:25, Hubert Kario via RT wrote:
> > > On Friday 25 September 2015 10:47:42 Matt Caswell wrote:
> > >> However, I have some concerns with the wording of the RFC. It
> > >> seems to place no limits whatsoever on when it is valid to
> > >> receive app data in the handshake. By the wording in the RFC it
> > >> would be valid for app data to be received *after* the
> > >> ChangeCipherSpec has been received but *before* the Finished has
> > >> been processed. This seems dangerous to me because it is not
> > >> until the Finished is processed that we verify the handshake
> > >> data MAC - and yet we could already have acted upon app data
> > >> received. I assume the intent was to allow the interleaved app
> > >> data only up until the point that the CCS is received. I have
> > >> attached a patch for 1.0.2 that implements that logic.
> > >
> > > yes, I think the only place in which the handshake protocol and
> > > application data _can't_ be interleaved is between the CCS and
> > > Finished.
> >
> > It would be nice to have a test for that wouldn't it ;-)
>
> yeah, but it will be hard to do, you know, with it requiring a TLS
> implementation to misbehave ;)
>
> I'll make one as soon as I'll finish the test cases for record layer
> fragmentation of initial Client Hello (there are few bugs there too)

and done, in the same repo just run
scripts/test-interleaved-application-data-in-renegotiation.py

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
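
The receive-side rule discussed in the thread (interleaved application data accepted during renegotiation only until the peer's ChangeCipherSpec, nothing but Finished accepted after it), modelled as an added example; it is neither the OpenSSL 1.0.2 patch nor the test script mentioned above. The `(kind, payload)` record abstraction and all names are assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    ESTABLISHED = 1      # no handshake in progress
    RENEGOTIATING = 2    # handshake messages seen, peer CCS not yet received
    AWAIT_FINISHED = 3   # peer CCS received, Finished not yet verified

class UnexpectedMessage(Exception):
    """Stands in for aborting with a fatal unexpected_message alert."""

def deliver_app_data(records):
    """Return the app-data payloads that may be handed to the application.

    `records` is a list of (kind, payload) tuples, kind being one of
    "handshake", "ccs", "finished", "app_data" (assumed abstraction).
    """
    state = State.ESTABLISHED
    delivered = []
    for kind, payload in records:
        if state is State.AWAIT_FINISHED:
            # Between CCS and Finished the handshake MAC is still
            # unverified, so only Finished is acceptable here.
            if kind != "finished":
                raise UnexpectedMessage(f"{kind} between CCS and Finished")
            state = State.ESTABLISHED
        elif kind == "app_data":
            # Fine when idle, and when interleaved before the peer's CCS.
            delivered.append(payload)
        elif kind == "handshake":
            state = State.RENEGOTIATING
        elif kind == "ccs" and state is State.RENEGOTIATING:
            state = State.AWAIT_FINISHED
        else:
            raise UnexpectedMessage(f"{kind} in state {state.name}")
    return delivered

# Constructed record sequences (not captured traffic).
OK_TRACE = [("app_data", b"GET /"), ("handshake", b"ClientHello"),
            ("app_data", b"interleaved"), ("handshake", b"ClientKeyExchange"),
            ("ccs", b""), ("finished", b""), ("app_data", b"after")]
# Same start, but app data arrives after CCS and before Finished.
BAD_TRACE = OK_TRACE[:5] + [("app_data", b"early"), ("finished", b"")]

if __name__ == "__main__":
    print(deliver_app_data(OK_TRACE))
    try:
        deliver_app_data(BAD_TRACE)
    except UnexpectedMessage as exc:
        print("rejected:", exc)
```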