Broken ChangeCipherspec record in TLS 1.2 with OpenSSL 1.0.2d?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 06/08/15 13:48, Paul Hebert wrote:
> We are using a wildcard certificate requiring SNI and are also requiring
> client certificate authentication.   
> 
> Our TLS 1.2 client is seeing a ChangeCipherspec record with length 30
> bytes (x19) instead of the expected 0x01.  The broken ChangeCipherspec
> record looks like this (hex) *14 03 03 00 01 19*.

That isn't the length byte:

14 = Record Content Type is a CCS message
03 03 = TLS 1.2
00 01 = Length of 1 byte
19 = 1 byte content of the CCS

The RFCs only define one valid value for the content of a CCS, and that
is the value 1 so this is an invalid message.


>  Is this a problem
> with the TLS 1.2 client, or a problem with the OpenSSL 1.0.2d patch (for
> CVE-2015-1793)? 

It is highly unlikely to be a problem with the 1.0.2d patch since
CVE-2015-1793 fixes a libcrypto problem. CCS messages are entirely
generated within libssl.

Looking at the code I can't see any way how the CCS content could be
anything other than one - it's hard coded in.

I assume from your description above that your client is not OpenSSL. I
would look there first, or perhaps some middleware box? Can you get a
packet capture of what OpenSSL is actually sending?

Matt


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux