Prabhu S wrote:
Hi,

The client is configured with SSLv3_client_method.
ctx = SSL_CTX_new(SSLv3_client_method());

Whenever the client tries to connect to the server with any CBC cipher like DES-CBC3-SHA, the SSL handshake is successful, but when the client tries to send data to the server, say 10 bytes, I see from ethereal that two application records are sent. But the server does not report reading that data. With cipher RC4-MD5, this is not seen. 10 bytes are sent in one application record and the server reports receiving that particular data.

Now when I set SSL_CTX_set_options with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (or SSL_OP_ALL), data exchange with CBC ciphers is successful.

It isn't exactly unsuccessful with the empty fragments. (They only apply to block ciphers, so you don't have them with RC4.)


What is happening here? Can someone please explain the theory behind the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option?


See http://www.openssl.org/~bodo/tls-cbc.txt

-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
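Added example (not part of the original thread and not OpenSSL code): a record-header parser that picks out the empty-fragment pattern described above, where a CBC cipher produces two application records for one write and RC4 produces one. It assumes SSLv3 record framing, minimal CBC padding, a 20-byte SHA-1 MAC with 8-byte 3DES blocks, and a 16-byte MD5 MAC for RC4; the sample byte strings are constructed, with zero bytes standing in for ciphertext.

```python
import struct

APPLICATION_DATA = 23   # record content type for application data
SSL3_VERSION = 0x0300

def cbc_record_len(plaintext_len, mac_len, block_len):
    """Fragment length of an SSLv3/TLS 1.0 CBC record, assuming minimal padding."""
    unpadded = plaintext_len + mac_len + 1        # +1 for the padding-length byte
    return -(-unpadded // block_len) * block_len  # round up to a whole block

def parse_records(stream):
    """Return [(content_type, version, fragment_length), ...] from raw record bytes."""
    records, off = [], 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            raise ValueError("truncated record body")
        records.append((ctype, version, length))
        off += 5 + length
    return records

def find_empty_fragments(stream, mac_len, block_len):
    """Indexes of application-data records sized like an empty CBC fragment
    and immediately followed by another application-data record.
    Heuristic: the same length also fits a plaintext of a few bytes."""
    empty_len = cbc_record_len(0, mac_len, block_len)
    recs = parse_records(stream)
    return [i for i in range(len(recs) - 1)
            if recs[i][0] == APPLICATION_DATA and recs[i][2] == empty_len
            and recs[i + 1][0] == APPLICATION_DATA]

def _record(length):
    # Constructed sample record: real header, zero bytes standing in for ciphertext.
    return struct.pack("!BHH", APPLICATION_DATA, SSL3_VERSION, length) + bytes(length)

# Constructed captures of one 10-byte write (not taken from the original post).
CBC_SAMPLE = _record(cbc_record_len(0, 20, 8)) + _record(cbc_record_len(10, 20, 8))
RC4_SAMPLE = _record(10 + 16)   # stream cipher: plaintext + MD5 MAC, no padding

if __name__ == "__main__":
    print(parse_records(CBC_SAMPLE))                # DES-CBC3-SHA: two records
    print(find_empty_fragments(CBC_SAMPLE, 20, 8))  # index of the empty fragment
    print(parse_records(RC4_SAMPLE))                # RC4-MD5: one record
```

A receiver has to treat the first, zero-length application record as valid and keep reading; the payload arrives in the record that follows it.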