Hubert Kario wrote:
>> Fixing this sort of problem is going to be *hard* and probably require
>> quite a lot of non-trivial changes - definitely not the sort of
>> thing I want to be doing in a stable branch. Fixing this is an
>> example of what I meant by "onerous mitigations", but I now realise
>> it is absolutely necessary if we wanted to pursue this.
>>
>> I think we should be marking this as a "won't fix" for all released
>> versions. The question is whether we should even attempt to fix it for
>> 1.1.0 or not.
>
> we may actually be able to patch this up partially in 1.0.x
>
> the original problem description mentions server being unable to process
> application data before Certificate/Client Key Exchange, not in any
> place whatsoever
>
> (Albe, please double check if you didn't see Java sending app data at
> any different point)

I ran my test with the patched version of OpenSSL 1.0.2, PostgreSQL 9.4.5
and Java 1.7.0_71, which completes without errors, and this is a Wireshark trace:

 4 0.002744000 10.155.6.40   10.153.93.229 TLSv1   62 Ignored Unknown Record
 6 0.003135000 10.153.93.229 10.155.6.40   TLSv1   60 Ignored Unknown Record
 7 0.189902000 10.155.6.40   10.153.93.229 TLSv1  259 Client Hello
 8 0.192699000 10.153.93.229 10.155.6.40   TLSv1 1485 Server Hello, Certificate, Server Key Exchange, Server Hello Done
 9 0.201141000 10.155.6.40   10.153.93.229 TLSv1  129 Client Key Exchange
10 0.208975000 10.155.6.40   10.153.93.229 TLSv1   60 Change Cipher Spec
12 0.210346000 10.155.6.40   10.153.93.229 TLSv1  107 Encrypted Handshake Message
13 0.210739000 10.153.93.229 10.155.6.40   TLSv1  113 Change Cipher Spec, Encrypted Handshake Message
14 0.211317000 10.155.6.40   10.153.93.229 TLSv1  187 Application Data
15 0.212242000 10.153.93.229 10.155.6.40   TLSv1  144 Application Data, Application Data
16 0.212865000 10.155.6.40   10.153.93.229 TLSv1   91 Application Data
17 0.212932000 10.155.6.40   10.153.93.229 TLSv1  123 Application Data
19 0.216170000 10.153.93.229 10.155.6.40   TLSv1  448 Application Data, Application Data
20 0.223596000 10.155.6.40   10.153.93.229 TLSv1   91 Application Data
21 0.223671000 10.155.6.40   10.153.93.229 TLSv1  155 Application Data
23 0.224256000 10.153.93.229 10.155.6.40   TLSv1  144 Application Data, Application Data
24 0.235175000 10.155.6.40   10.153.93.229 TLSv1   91 Application Data
25 0.235258000 10.155.6.40   10.153.93.229 TLSv1  171 Application Data
27 0.235622000 10.153.93.229 10.155.6.40   TLSv1  160 Application Data, Application Data
28 0.236106000 10.155.6.40   10.153.93.229 TLSv1   91 Application Data
29 0.236175000 10.155.6.40   10.153.93.229 TLSv1  155 Application Data
31 0.237038000 10.153.93.229 10.155.6.40   TLSv1 1514 Application Data
37 0.237265000 10.153.93.229 10.155.6.40   TLSv1 1020 Application Data
38 0.237265000 10.153.93.229 10.155.6.40   TLSv1   91 Encrypted Handshake Message
39 0.237265000 10.153.93.229 10.155.6.40   TLSv1 1008 Application Data, Application Data
41 0.241914000 10.155.6.40   10.153.93.229 TLSv1  331 Encrypted Handshake Message
42 0.244284000 10.153.93.229 10.155.6.40   TLSv1 1514 Encrypted Handshake Message, Encrypted Handshake Message
43 0.244285000 10.153.93.229 10.155.6.40   TLSv1  150 Encrypted Handshake Message
45 0.248419000 10.155.6.40   10.153.93.229 TLSv1   91 Application Data
46 0.248492000 10.155.6.40   10.153.93.229 TLSv1  155 Application Data
48 0.253568000 10.155.6.40   10.153.93.229 TLSv1  155 Encrypted Handshake Message
49 0.257257000 10.155.6.40   10.153.93.229 TLSv1   91 Change Cipher Spec
50 0.257494000 10.155.6.40   10.153.93.229 TLSv1  107 Encrypted Handshake Message
52 0.257939000 10.153.93.229 10.155.6.40   TLSv1  144 Change Cipher Spec, Encrypted Handshake Message
53 0.258048000 10.153.93.229 10.155.6.40   TLSv1 1514 Application Data
59 0.258282000 10.153.93.229 10.155.6.40   TLSv1 1020 Application Data
60 0.258283000 10.153.93.229 10.155.6.40   TLSv1   91 Encrypted Handshake Message
61 0.258283000 10.153.93.229 10.155.6.40   TLSv1 1008 Application Data, Application Data
63 0.265872000 10.155.6.40   10.153.93.229 TLSv1  331 Encrypted Handshake Message
64 0.266324000 10.155.6.40   10.153.93.229 TLSv1   91 Application Data
65 0.266431000 10.155.6.40   10.153.93.229 TLSv1   91 Encrypted Alert
67 0.267282000 10.153.93.229 10.155.6.40   TLSv1  293 Encrypted Handshake Message, Change Cipher Spec, Encrypted Handshake Message

Is that good enough?
Can you infer from context which "Encrypted Handshake Message" is what?

Yours,
Laurenz Albe
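
Added example (not part of the original message and not OpenSSL code): a small Python script that reads Wireshark summary rows like those in the trace above and lists the frames where Application Data is sent while a renegotiation handshake is still open. The function names and the open/close heuristic are assumptions; Wireshark cannot name the encrypted handshake messages, so the script only tracks record types and Change Cipher Spec.

```python
import re

# Frames 37-53 of the trace above (columns: no., time, source, destination,
# protocol, length, info). 10.155.6.40 is the peer that sent the Client Hello.
TRACE = """\
37 0.237265000 10.153.93.229 10.155.6.40 TLSv1 1020 Application Data
38 0.237265000 10.153.93.229 10.155.6.40 TLSv1 91 Encrypted Handshake Message
39 0.237265000 10.153.93.229 10.155.6.40 TLSv1 1008 Application Data, Application Data
41 0.241914000 10.155.6.40 10.153.93.229 TLSv1 331 Encrypted Handshake Message
42 0.244284000 10.153.93.229 10.155.6.40 TLSv1 1514 Encrypted Handshake Message, Encrypted Handshake Message
43 0.244285000 10.153.93.229 10.155.6.40 TLSv1 150 Encrypted Handshake Message
45 0.248419000 10.155.6.40 10.153.93.229 TLSv1 91 Application Data
46 0.248492000 10.155.6.40 10.153.93.229 TLSv1 155 Application Data
48 0.253568000 10.155.6.40 10.153.93.229 TLSv1 155 Encrypted Handshake Message
49 0.257257000 10.155.6.40 10.153.93.229 TLSv1 91 Change Cipher Spec
50 0.257494000 10.155.6.40 10.153.93.229 TLSv1 107 Encrypted Handshake Message
52 0.257939000 10.153.93.229 10.155.6.40 TLSv1 144 Change Cipher Spec, Encrypted Handshake Message
53 0.258048000 10.153.93.229 10.155.6.40 TLSv1 1514 Application Data
"""

ROW = re.compile(r"^\s*(\d+)\s+[\d.]+\s+(\S+)\s+(\S+)\s+\S+\s+\d+\s+(.+?)\s*$")

def parse(text):
    """Yield (frame number, sender, [record names]) for each summary row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), m.group(2), [r.strip() for r in m.group(4).split(",")]

def app_data_during_renegotiation(text):
    """Return [(frame, sender)] for Application Data sent while a handshake is open.

    Heuristic (assumption): on an already encrypted connection the first Encrypted
    Handshake Message opens a renegotiation; it closes at the Encrypted Handshake
    Message that follows both peers' Change Cipher Spec.
    """
    hits, handshake_open, ccs_from = [], False, set()
    for frame, sender, records in parse(text):
        for rec in records:
            if rec == "Change Cipher Spec" and handshake_open:
                ccs_from.add(sender)
            elif rec == "Encrypted Handshake Message":
                if not handshake_open:
                    handshake_open, ccs_from = True, set()
                elif len(ccs_from) == 2:
                    handshake_open = False  # second Finished: renegotiation done
            elif rec == "Application Data" and handshake_open and (frame, sender) not in hits:
                hits.append((frame, sender))
    return hits

if __name__ == "__main__":
    print(app_data_during_renegotiation(TRACE))
```

On these rows it reports frame 39 from 10.153.93.229 and frames 45 and 46 from 10.155.6.40; frames 37 and 53 fall outside the handshake window and are not reported.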