On 06/08/15 13:48, Paul Hebert wrote: > We are using a wildcard certificate requiring SNI and are also requiring > client certificate authentication. > > Our TLS 1.2 client is seeing a ChangeCipherspec record with length 30 > bytes (x19) instead of the expected 0x01. The broken ChangeCipherspec > record looks like this (hex) *14 03 03 00 01 19*. That isn't the length byte: 14 = Record Content Type is a CCS message 03 03 = TLS 1.2 00 01 = Length of 1 byte 19 = 1 byte content of the CCS The RFCs only define one valid value for the content of a CCS, and that is the value 1 so this is an invalid message. > Is this a problem > with the TLS 1.2 client, or a problem with the OpenSSL 1.0.2d patch (for > CVE-2015-1793)? It is highly unlikely to be a problem with the 1.0.2d patch since CVE-2015-1793 fixes a libcrypto problem. CCS messages are entirely generated within libssl. Looking at the code I can't see any way how the CCS content could be anything other than one - it's hard coded in. I assume from your description above that your client is not OpenSSL. I would look there first, or perhaps some middleware box? Can you get a packet capture of what OpenSSL is actually sending? Matt
