On Fri, Sep 25, 2015 at 07:06:31PM +0200, Hubert Kario wrote:
> (since we're not talking about OpenSSL any more, I'm dropping the RT)
>
> On Friday 25 September 2015 16:54:02 Alessandro Ghedini via RT wrote:
> > FWIW I checked a couple of TLS implementations I have around (GnuTLS
> > and s2n), and AFAICT they don't check for a maximum size at all.
>
> what do you mean by that? As we've said with Matt, you can't create a
> valid Client Hello bigger than 131396 bytes...
>
> or do you mean that they accept malformed Client Hello messages?
> or that they do accept SSLv3 Client Hellos with arbitrary sized junk at
> the end?
No and no. I meant that OpenSSL seems to be the only implementation (among the ones that I checked) to perform maximum length checks on handshake messages. That is, checking that the message doesn't exceed a pre-defined maximum length by only looking at the message type and length fields, before even trying to parse the message body.

The fact that the other libraries don't do this check at all suggests that increasing the limit in OpenSSL (or even removing the limit completely) shouldn't affect it negatively.

Cheers
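The reply above describes a header-only size gate: read the handshake message type and 24-bit length, compare the declared length against a per-type maximum, and reject before parsing any body. The following is an added example written for this page, not code from OpenSSL, GnuTLS or s2n, and not something the thread participants posted. It derives the 131396-byte figure Hubert quotes from the field bounds in RFC 5246 and then applies that figure as the ClientHello limit; the per-type limit table and the helper names (`check_handshake_header`, `gate`, `build_client_hello_header`) are assumptions of this example, not OpenSSL's own table or API.

```python
"""
Added example (not from the openssl-dev thread or any TLS library): a
handshake-message length gate of the kind the reply describes.  It looks
only at the 4-byte handshake header (1-byte type, 3-byte length) and
rejects a message whose declared length exceeds a per-type maximum
before any body parsing happens.
"""

# Handshake message type values from RFC 5246 section 7.4.
CLIENT_HELLO = 1


def max_client_hello_length():
    """Largest ClientHello that can be encoded at all (TLS 1.0-1.2).

    Variable-length field bounds from RFC 5246 section 7.4.1.2:
      session_id<0..32>, cipher_suites<2..2^16-2>,
      compression_methods<1..2^8-1>, extensions<0..2^16-1>.
    Summing the fixed parts with the maximum of each variable part gives
    the bound quoted in the thread.
    """
    fixed = 2 + 32               # client_version + random
    session_id = 1 + 32          # 1-byte length + at most 32 bytes
    cipher_suites = 2 + 65534    # 2-byte length + at most 2^16-2 bytes
    compression = 1 + 255        # 1-byte length + at most 2^8-1 bytes
    extensions = 2 + 65535       # 2-byte length + at most 2^16-1 bytes
    return fixed + session_id + cipher_suites + compression + extensions


# Per-type maximum declared length.  Only ClientHello is derived here;
# the table itself is an assumption of this example, not OpenSSL's.
MAX_LENGTH = {CLIENT_HELLO: max_client_hello_length()}


class HandshakeTooLong(ValueError):
    """Raised when the declared length exceeds the per-type maximum."""


def check_handshake_header(data):
    """Parse only the 4-byte handshake header and apply the size gate.

    Returns (msg_type, declared_length).  Raises HandshakeTooLong when the
    declared length exceeds the limit for that type.  The message body
    (anything after byte 4) is never examined here.
    """
    if len(data) < 4:
        raise ValueError("need at least the 4-byte handshake header")
    msg_type = data[0]
    declared = int.from_bytes(data[1:4], "big")   # uint24 body length
    limit = MAX_LENGTH.get(msg_type)
    if limit is not None and declared > limit:
        raise HandshakeTooLong(
            f"type {msg_type}: declared {declared} > max {limit}")
    return msg_type, declared


def build_client_hello_header(body_len):
    """Constructed sample: a header claiming a ClientHello body of body_len bytes."""
    return bytes([CLIENT_HELLO]) + body_len.to_bytes(3, "big")


def gate(data):
    """Return 'accept' or 'reject' for a handshake header, for demonstration."""
    try:
        check_handshake_header(data)
        return "accept"
    except HandshakeTooLong:
        return "reject"


if __name__ == "__main__":
    print(max_client_hello_length())                # 131396
    print(gate(build_client_hello_header(131396)))  # accept
    print(gate(build_client_hello_header(131397)))  # reject
```

The check costs four bytes of lookahead, so a peer cannot force the parser to buffer or walk a body larger than any well-formed message of that type; the point of the thread is that the bound has to be computed from the encoding limits rather than picked by hand, otherwise a legitimately large ClientHello is rejected.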
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
