[openssl-dev] TLS Alert response when certificate is not yet valid

2017-07-14 Doug Smith
Developers, Is openssl sending the correct TLS alert message when certificate validation fails due to the received certificate being not yet valid? During TLS authentication, if certificate validation fails, a TLS alert is sent. If the received certificate has expired, AlertDescription

RE: OpenSSL 1.0.1h - issue with EAP-FAST session resumption

2014-06-07 Doug Smith
1.0.1h - issue with EAP-FAST session resumption On Sat, Jun 07, 2014, Doug Smith wrote: All, Running into an issue with OpenSSL 1.0.1h and EAP-FAST/wpa_supplicant TLS session resumption. CVE-2014-0224 code added code to reject the ChangeCipherSpec message if it is received in incorrect

OpenSSL 1.0.1h - issue with EAP-FAST session resumption

2014-06-06 Doug Smith
All, Running into an issue with OpenSSL 1.0.1h and EAP-FAST/wpa_supplicant TLS session resumption. CVE-2014-0224 code added code to reject the ChangeCipherSpec message if it is received in incorrect order. Normally the TLS client sends the Finished message before the ChangeCipherSpec message

Heartbeat response during handshake?

2014-04-09 Doug Smith
The heartbleed web site indicates that openssl is responding to heartbeat requests during the handshake. http://heartbleed.com/ ... heartbeat request can be sent and is replied to during the handshake phase of the protocol. Doesn't RFC6520 clause 3 indicate that a received heartbeat request

Heartbeat Response transmission during handshake?

2014-04-08 Doug Smith
Is openssl sending heartbeat response packets during the handshake, and if so, should it be sending them during the handshake? The heartbleed web site indicates that openssl is responding to heartbeat requests during the handshake. http://heartbleed.com/ ... heartbeat request can be sent and is