From 89bd25eb26bbc2ebceb4cd892e7453337804820c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 17 Apr 2012 14:41:23 +0000 Subject: [PATCH] Additional workaround for PR#2771 If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES. --- CHANGES | 15 ++++++++++++--- ssl/s23_clnt.c | 9 +++++++++ ssl/s3_clnt.c | 9 +++++++++ 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index a834647c10..60f245bd70 100644 --- a/CHANGES +++ b/CHANGES @@ -4,9 +4,18 @@ Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] - *) - - Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + *) Workarounds for some broken servers that "hang" if a client hello + record length exceeds 255 bytes. + + 1. Do not use record version number > TLS 1.0 in initial client + hello: some (but not all) hanging servers will now work. + 2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate + the number of ciphers sent in the client hello. This should be + set to an even number, such as 50, for example by passing: + -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure. + Most broken servers should now work. + 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable + TLS 1.2 client support entirely. *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. [Andy Polyakov] diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 76f1057b5b..0f2e19e135 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -469,6 +469,15 @@ static int ssl23_client_hello(SSL *s) SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } +#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH + /* Some servers hang if client hello > 256 bytes + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION + && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; +#endif s2n(i,p); p+=i; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4511a914a4..b80d052e1f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -755,6 +755,15 @@ int ssl3_client_hello(SSL *s) SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); goto err; } +#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH + /* Some servers hang if client hello > 256 bytes + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION + && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; +#endif s2n(i,p); p+=i; -- 2.25.1