Has there been any response to this?

I dealt with a similar situation about 6 months ago. It turned out, at first my application was handling some responses to SSL_write() and SSL_read incorrectly:

http://www.mail-archive.com/openssl-users@openssl.org/msg67276.html

However, after further investigation and fixing of my application issues, I found that OpenSSL was not able to handle the renegotiation scenario I described. Which is basically the one in the 2nd bug ticket link you posted; Peer A initiates a renegotiation while Peer B is sending data. The behavior wasn't exactly the same, I don't think I ever got a failure, but the ClientHello was never read by the server and renegotiation wouldn't take place until after Peer B was done sending data.

Just curious if this is something that has been resolved.

Thanks.
Jason

From: rezaul.ha...@nsn.com
To: openssl-users@openssl.org
CC: iftekhar.1.ma...@nsn.com; michael.b...@nsn.com
Subject: Unexpected message during renegotiate attempt
Date: Tue, 19 Mar 2013 16:55:01 +0000
Hello All,

I am using openssl 0.9.8r on one Linux box (BoxA) communicating with another Linux box running openssl 1.0.0e (BoxB). There are certain curl uploads that need to occur from BoxA → BoxB. Usually we don’t have any problems. But in a simulated environment, where there could be significant delay/latency (~2 to 3 seconds) in traffic between BoxA and BoxB, we are seeing that the curl operations are not completing as expected.

Curl is sending the HTTP-100 message, in the middle of TLS Re-Negotiation, and causing BoxB to send a Fatal Alert and closing the connection. According to the TLS spec, apparently, the TLS implementation should simply ignore those unexpected messages and continue with re-negotiation??

Upon digging some openssl bug reports, we came across these two Bug Tickets. And looks like they were never addressed?

http://rt.openssl.org/Ticket/Display.html?id=2146&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=2481&user=guest&pass=guest

Just was trying to find out if the openssl community ever addressed this “bug”? If so what openssl version(s) have a fix for this? Any additional information related to the bug mentioned above would be greatly appreciated.

Thanks,
-Rezaul.
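
A triage aid for the situation both messages describe (application data arriving while a renegotiation is in progress), added here as an example and not code from the thread or from OpenSSL: it walks the TLS record headers of a capture and flags application-data and alert records seen between the start of a renegotiation and its completion. The peer labels, `find_interleaving`, `rec` and the sample capture are constructed for illustration, and it assumes TLS 1.2 or earlier, where the record content type is sent in the clear.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1).
CCS, ALERT, HANDSHAKE, APPDATA = 20, 21, 22, 23

def parse_records(stream):
    """Split raw bytes into (content_type, payload_length) per TLS record."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated trailing record: stop rather than guess
        records.append((ctype, length))
        off += 5 + length
    return records

def find_interleaving(segments):
    """segments: (sender, bytes) tuples in capture order, two peers.
    Returns (segment_index, sender, note) for each renegotiation event."""
    ccs, finished = set(), set()
    established = reneg_open = False
    findings = []
    for i, (sender, data) in enumerate(segments):
        for ctype, _length in parse_records(data):
            if ctype == CCS:
                ccs.add(sender)
            elif ctype == HANDSHAKE and established and not reneg_open:
                reneg_open = True  # handshake record on a live session
                findings.append((i, sender, "renegotiation started"))
            elif ctype == HANDSHAKE and sender in ccs:
                finished.add(sender)  # first handshake record after CCS is Finished
                if len(finished) == 2:  # both peers done: handshake complete
                    established, reneg_open = True, False
                    ccs.clear()
                    finished.clear()
            elif ctype == APPDATA and reneg_open:
                findings.append((i, sender, "application data during renegotiation"))
            elif ctype == ALERT and reneg_open:
                findings.append((i, sender, "alert during renegotiation"))
    return findings

def rec(ctype, n=4):
    """Build a constructed record: type, version 0x0301, n zero payload bytes."""
    return struct.pack("!BHH", ctype, 0x0301, n) + bytes(n)

# Constructed capture (not from the thread): handshake, then B starts a
# renegotiation, A keeps sending application data, and B answers with an alert.
SAMPLE = [("A", rec(HANDSHAKE)), ("B", rec(HANDSHAKE)),
          ("A", rec(HANDSHAKE) + rec(CCS) + rec(HANDSHAKE)),
          ("B", rec(CCS) + rec(HANDSHAKE)), ("A", rec(APPDATA)),
          ("B", rec(HANDSHAKE)), ("A", rec(APPDATA)), ("B", rec(ALERT))]
```

Alert records are encrypted after the first handshake, so the header alone does not show whether the alert was fatal; correlate the finding with a connection close in the same capture.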