Additional workaround for PR#2771
authorDr. Stephen Henson <steve@openssl.org>
Tue, 17 Apr 2012 14:41:23 +0000 (14:41 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 17 Apr 2012 14:41:23 +0000 (14:41 +0000)
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.

CHANGES
ssl/s23_clnt.c
ssl/s3_clnt.c

diff --git a/CHANGES b/CHANGES
index a834647c104494083f1fcd7b4303dd07f3deaa9f..60f245bd70ae5a12ef25c79e9be09e9c05ee4e0c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,9 +4,18 @@
 
  Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
 
-  *)
-
- Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes.
+
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+       the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+       TLS 1.2 client support entirely.
 
   *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
      [Andy Polyakov]
index 76f1057b5b4381dc26def594b1b9352b06046dd4..0f2e19e135ce1eb02133b99cea1e21ff153357d0 100644 (file)
@@ -469,6 +469,15 @@ static int ssl23_client_hello(SSL *s)
                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                                return -1;
                                }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+                       /* Some servers hang if client hello > 256 bytes
+                        * as hack workaround chop number of supported ciphers
+                        * to keep it well below this if we use TLS v1.2
+                        */
+                       if (TLS1_get_version(s) >= TLS1_2_VERSION
+                               && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+                               i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
                        s2n(i,p);
                        p+=i;
 
index 4511a914a43201921e55f4ef13ef4c35f6fd63f3..b80d052e1f5f011496379f4df191e9cd8f4a618b 100644 (file)
@@ -755,6 +755,15 @@ int ssl3_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                        goto err;
                        }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+                       /* Some servers hang if client hello > 256 bytes
+                        * as hack workaround chop number of supported ciphers
+                        * to keep it well below this if we use TLS v1.2
+                        */
+                       if (TLS1_get_version(s) >= TLS1_2_VERSION
+                               && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+                               i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
                s2n(i,p);
                p+=i;