On Thu, Oct 29, 2015 at 11:56:27AM -0400, Dave Garrett wrote:

> On Thursday, October 29, 2015 11:00:04 am Viktor Dukhovni wrote:
> > On Thu, Oct 29, 2015 at 03:07:58PM +0100, Hubert Kario wrote:
> > > On Wednesday 21 October 2015 20:17:31 Dave Garrett wrote:
> > > > Congrats on releasing an RFC that has day one 100% server support. :p
> > >
> > > oh, I'm sure there's at least one server out there that is intolerant to
> > > this one specific extension ]:->
> >
> > When the extension was first enabled in OpenSSL 1.0.1g there were
> > (and perhaps some are still left unpatched) Cisco IronPort SMTP
> > servers that could not handle the extension.
>
> Now I'm just curious: How? Were they essentially just intolerant to _any_
> new extension or one of a certain length?

I think it was the resulting client HELLO length (512+ bytes), but
I don't recall seeing the details explained.

http://postfix.1071664.n5.nabble.com/OpenSSL-1-0-1g-and-Ironport-SMTP-appliances-interop-issue-td66873.html
http://openssl.6102.n7.nabble.com/openssl-update-1-0-1f-to-1-0-1g-broke-sendmail-SSL23-GET-SERVER-HELLO-tlsv1-alert-decode-error-td49242.html
https://www.mail-archive.com/search?l=openssl-...@openssl.org&q=subject:%22Re%3A+[openssl.org+%233336]+1.0.1g+breaks+IronPORT+SMTP+appliance+%28padding+extension%29%22&o=newest&f=1

If John Foley from Cisco is on this list, perhaps he'll be willing
to elaborate.

--
Viktor.