It would be unlikely to hit this bug in
practice. I just tried a test with Chromium 65. In the default
configuration, with a 9-byte server name, the TLSCiphertext.length
was 192 bytes. So, in order to hit the bug it would seem that the
server's DNS name would have

Wow! That's a bizarre one. I don't think we've run into this one before,
but, from your description, any given implementation would only have a
1/256 chance of hitting it on every ClientHello change.
10 is a newline, so perhaps some implementation is doing a terrible job
detecting TLS vs. some pla

According to RFC 7685 there was at least one TLS implementation that
would hang the connection if it received a ClientHello record with a
TLSCiphertext.length between 256 and 511 bytes.
During some recent testing I believe that I have come across a
similar length int