On Thu, May 09, 2013 at 04:54:33PM +0000, Viktor Dukhovni wrote:
> So I'm more interested in any leads about which servers are prone
> to this misbehaviour. Did any past OpenSSL versions mishandle
> session tickets and acccept the session only to then fail to
> negotiate correctly (zero length finished)?
>
> It seems likely that the servers are running some OpenSSL version
> or other, but so far I only have directl access to the client, not
> the server.
>
> Is there anything in past versions of OpenSSL that would have
> trouble with session tickets? Maybe a poor interaction between
> tickets and an external session cache? (Postfix uses the session
> callbacks to save and restore sessions from an on-disk shared
> database). I've tried a bunch of different OpenSSL versions, and
> can't reproduce the issue with any server I compile. (I am not
> fool enough to break this foolproof system).
One of the servers is:
OpenSSL 0.9.9-dev 09 May 2008
built on: NetBSD 5.1_STABLE
platform: NetBSD-x86_64
options: bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int)
blowfish(idx)
compiler: gcc version 4.1.3 20080704 (prerelease) (NetBSD nb3 20111107)
OPENSSLDIR: "/etc/openssl"
does that ring any bells? Can anyone think of a specific ticket-related
bug fixed between 0.9.9-dev and 1.0.0 that can account for malformed
handshakes with zero-length finished messages?
With any luck this issue is limited to a small number of older
NetBSD servers running 0.9.9-dev.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
