On Sun, May 07, 2006, Dr. Stephen Henson wrote:

> On Sat, May 06, 2006, Victor Duchovni wrote:
> >
> > > Can the work-around be made compatible with zlib?
> >
> > It isn't just zlib AFAICS, it may be triggered in other cases too.
>
> Well at this stage it isn't clear what the correct solution is, it needs a bit
> of further study...
>

Well looking at this more closely it *is* just when compression is enabled that this happens.

The code assumes the first packet is of even length so that if an odd length packet is found it can assume the bug is present. When compression is enabled this assumption is no longer true.

Since the work around has existed since the SSLeay days I'd say that it is very unlikely that a buggy implementation will also support compression.

So I'd say the simplest solution is to disable the check if compression is negotiated.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
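The effect described in this message, as an added example that is not part of the original post and is not OpenSSL code: a simplified model of an "odd first packet means the peer is buggy" check, run over even-length first packets from a correct peer with and without zlib compression. All function names and the sample packets are hypothetical and constructed here; the "packet length" is just the payload length, with record framing, MAC and padding left out.

```python
import zlib


def odd_first_packet(length: int) -> bool:
    """The heuristic from the message: an odd-length first packet
    is taken as a sign that the peer has the bug."""
    return length % 2 == 1


def workaround_triggered(first_len: int, compression: bool,
                         skip_if_compressed: bool) -> bool:
    """Decide whether the bug workaround switches on for this connection.

    skip_if_compressed models the proposed fix: do not run the check
    at all when compression has been negotiated.
    """
    if skip_if_compressed and compression:
        return False
    return odd_first_packet(first_len)


def constructed_first_packets():
    """Constructed sample data: first packets of even length 2..64
    from a correct (non-buggy) peer."""
    return [bytes(144 + i for i in range(n)) for n in range(2, 66, 2)]


def count_false_positives(compression: bool, skip_if_compressed: bool) -> int:
    """Count correct peers that the check would wrongly flag as buggy."""
    hits = 0
    for plaintext in constructed_first_packets():
        # With compression negotiated, the length that is seen is the
        # compressed length, which need not keep the plaintext's parity.
        wire = zlib.compress(plaintext) if compression else plaintext
        if workaround_triggered(len(wire), compression, skip_if_compressed):
            hits += 1
    return hits


if __name__ == "__main__":
    print("no compression, check on :", count_false_positives(False, False))
    print("compression, check on    :", count_false_positives(True, False))
    print("compression, check gated :", count_false_positives(True, True))
```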