On Thu, May 09, 2013, Viktor Dukhovni wrote:

> On Thu, May 09, 2013 at 04:54:33PM +0000, Viktor Dukhovni wrote:
> 
> > So I'm more interested in any leads about which servers are prone
> > to this misbehaviour.  Did any past OpenSSL versions mishandle
> > session tickets and accept the session only to then fail to
> > negotiate correctly  (zero length finished)?
> > 
> > It seems likely that the servers are running some OpenSSL version
> > or other, but so far I only have direct access to the client, not
> > the server.
> > 
> > Is there anything in past versions of OpenSSL that would have
> > trouble with session tickets?  Maybe a poor interaction between
> > tickets and an external session cache?  (Postfix uses the session
> > callbacks to save and restore sessions from an on-disk shared
> > database).  I've tried a bunch of different OpenSSL versions, and
> > can't reproduce the issue with any server I compile.  (I am not
> > fool enough to break this foolproof system).
> 
> One of the servers is:
> 
>     OpenSSL 0.9.9-dev 09 May 2008
>     built on: NetBSD 5.1_STABLE
>     platform: NetBSD-x86_64
>     options:  bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int)
>     blowfish(idx)
>     compiler: gcc version 4.1.3 20080704 (prerelease) (NetBSD nb3 20111107)
>     OPENSSLDIR: "/etc/openssl"
> 
> does that ring any bells?  Can anyone think of a specific ticket-related
> bug fixed between 0.9.9-dev and 1.0.0 that can account for malformed
> handshakes with zero-length finished messages?
> 
> With any luck this issue is limited to a small number of older
> NetBSD servers running 0.9.9-dev.
> 

In case it isn't clear, there never was an official 0.9.9 release, so this is
presumably based on a development version snapshot.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
