I had written:
>> The following appeared in my web server's SSL error log (newlines added
>> for readability):
>>
>> [Fri May 1 07:08:20 1998]
>> error:0406406F:rsa routines:RSA_EAY_PRIVATE_DECRYPT:sslv3 rollback attack
>>
>> I'm running Apache_1.2.4 + SSL_1.11 (using ssleay 0.8.1).
Eric wrote:
> hmm... very interesting.
> If a client connects, saying it can do SSLv3 and the server responds with
> SSLv2, it then encodes the RSA pkcs1 padding in a special way.
> The server, if it can do SSLv3, will check that this padding is not present
> when doing SSLv2. It is basically meant to check that SSLv3 capable servers
> and browsers are talking the top protocol they can.
>
> I know some browsers don't implemented this correctly (I seem to rememeber old
> versions of MSIE are all over the place), and the check can be turned off by
> using the SSL_OP_MSIE_SSLV2_RSA_PADDING option to the
> SSL_CTX_set_options() call.
>
> Ah! I knew I had it documented somewhere. In
> http://www.cryptsoft.com/ssleay/doc/vendor-bugs.html
>
> MICROSOFT SSLv2 PKCS#1 padding error
> MSIE 3.02, when doing SSLv2 (SSLv3 is turned off), all ways uses the
> SSLv2/v3 special PKS1 padding of 8 bytes of value 3. In it should not
> do so if it is talking only SSLv2 (SSLv2 hello message with a version
> of number of 2).
In other words, there's nothing much I can do at this end....
What I should do in the non-SSL page that points the user to "enter"
the SSL page, is print a big fat warning saying that if they're running
any MSIE 3.02 or earlier, to forget it. (I currently do that for
MSIE earlier than 3.02, but not for 3.02 itself.)
Unfortunately, our web stats tell us that there is still a _huge_ number
of folks out there running Netscape < 3.x and MSIE <= 3.02 :-(
As someone wrote in a .signature,
"Windows95 is not a virus. A virus is small and efficient."
-T.
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
