[openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-27 Thread Matt Caswell via RT
On Wed Dec 23 16:48:20 2015, matt wrote: > On Wed Dec 23 15:42:54 2015, d...@inky.com wrote: > > Using the current master (head) code, this reproduces it: > > > > openssl s_client -connect mail.baggett.org:465 > > > > This is my own personal mail server, so feel free to poke and prod > > it. > > >

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-27 Thread Viktor Dukhovni
On Sun, Dec 27, 2015 at 10:20:41PM +, Matt Caswell wrote: > > I am very tempted to say that this misconfiguration *should fail, > > it is far better to send an *empty* list of trusted CAs than send > > the Vladivostok phone directory. > > I strongly disagree. I did say *tempted*. In

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-27 Thread Matt Caswell
On 23/12/15 17:21, Viktor Dukhovni wrote: > On Wed, Dec 23, 2015 at 04:48:20PM +, Matt Caswell via RT wrote: > >> The problem is that the server has been configured to allow client auth. The >> CertificateRequest message coming from the server seems very long (nearly >> 20k). >> This is

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Dave Baggett via RT
Using the current master (head) code, this reproduces it: openssl s_client -connect mail.baggett.org:465 This is my own personal mail server, so feel free to poke and prod it. Dave Sent with inky "Matt Caswell via RT" wrote: On Wed Dec 23

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Dave Baggett via RT
OK, let me rebuild against 1.1 and see if I can get you a reproducer or, failing that, a wireshark dump. Dave Sent with inky "Matt Caswell via RT" wrote: On Wed Dec 23 03:54:19 2015, d...@inky.com wrote: > Openssl Version 1.1.0 (master as

[openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Matt Caswell via RT
On Wed Dec 23 15:42:54 2015, d...@inky.com wrote: > Using the current master (head) code, this reproduces it: > > openssl s_client -connect mail.baggett.org:465 > > This is my own personal mail server, so feel free to poke and prod it. > Great, thanks. I can reproduce this now. The problem is

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Viktor Dukhovni
On Wed, Dec 23, 2015 at 04:48:20PM +, Matt Caswell via RT wrote: > The problem is that the server has been configured to allow client auth. The > CertificateRequest message coming from the server seems very long (nearly > 20k). > This is primarily made up of a long list of acceptable CA

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Salz, Rich
> I am very tempted to say that this misconfiguration *should fail, it is far > better to send an *empty* list of trusted CAs than send the Vladivostok > phone directory. Agree.

Re: [openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Dave Baggett via RT
Thanks! Sent with inky "Matt Caswell via RT" wrote: On Wed Dec 23 15:42:54 2015, d...@inky.com wrote: > Using the current master (head) code, this reproduces it: > > openssl s_client -connect mail.baggett.org:465 > > This is my own

[openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-23 Thread Matt Caswell via RT
On Wed Dec 23 03:54:19 2015, d...@inky.com wrote: > Openssl Version 1.1.0 (master as of 22-DEC-15) > Mac OS X 10.11.2 > > Connection to my SMTP server, which has a 4096-bit RSA key, fails > with: > > Traceback (most recent call last): > File "tls/_openssl.py", line 359, in handshake > error:

[openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

2015-12-22 Thread Dave Baggett via RT
Openssl Version 1.1.0 (master as of 22-DEC-15) Mac OS X 10.11.2 Connection to my SMTP server, which has a 4096-bit RSA key, fails with: Traceback (most recent call last): File "tls/_openssl.py", line 359, in handshake error: [Errno 5] 1: TLS handshake with server peer failed: