On Thu, May 09, 2013 at 04:54:33PM +0000, Viktor Dukhovni wrote: > So I'm more interested in any leads about which servers are prone > to this misbehaviour. Did any past OpenSSL versions mishandle > session tickets and acccept the session only to then fail to > negotiate correctly (zero length finished)? > > It seems likely that the servers are running some OpenSSL version > or other, but so far I only have directl access to the client, not > the server. > > Is there anything in past versions of OpenSSL that would have > trouble with session tickets? Maybe a poor interaction between > tickets and an external session cache? (Postfix uses the session > callbacks to save and restore sessions from an on-disk shared > database). I've tried a bunch of different OpenSSL versions, and > can't reproduce the issue with any server I compile. (I am not > fool enough to break this foolproof system).
One of the servers is: OpenSSL 0.9.9-dev 09 May 2008 built on: NetBSD 5.1_STABLE platform: NetBSD-x86_64 options: bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int) blowfish(idx) compiler: gcc version 4.1.3 20080704 (prerelease) (NetBSD nb3 20111107) OPENSSLDIR: "/etc/openssl" does that ring any bells? Can anyone think of a specific ticket-related bug fixed between 0.9.9-dev and 1.0.0 that can account for malformed handshakes with zero-length finished messages? With any luck this issue is limited to a small number of older NetBSD servers running 0.9.9-dev. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org