[Pkg-openssl-devel] Bug#338006: openssl 0.9.7i - reintroducing bad
record mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling
Kurt Roeckx
kurt at roeckx.be
Thu Apr 6 22:48:09 UTC 2006
Hi,
As part of the 0.9.7i upload, I noticed this in the changelog:
  * Change the client implementation for SSLv23_method() and
    SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
    Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
    (Previously, the SSL 2.0 backwards compatible Client Hello
    message format would be used even with SSL_OP_NO_SSLv2.)
This change in behaviour seems to explain bug #338006 to me, where
people have a problem with the padding bug being misdetected.
So I have a feeling that libssl0.9.7 is going to have the same
problem as libssl0.9.8 had, and that people might be having
problems with this.
I also wonder whether this change also had #335271 as an effect. The
default connection now uses zlib compression, while the old one
didn't. So it can perfectly explain that one as well.
So I think 2 things need to happen:
- Call configure with "zlib" instead of "zlib-dynamic"
- Apply the fix for #338006
I didn't have time to verify this; I will try to look at this
during the weekend.
Kurt
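
The changelog entry quoted in the message concerns two different on-the-wire Client Hello formats. As an added illustration (not part of the original message and not OpenSSL code), this Python sketch tells the two formats apart and lists the compression methods offered; the SSL 2.0 compatible format has no compression field at all. The sample bytes are constructed, and `describe_client_hello` is a hypothetical name.

```python
import struct

def describe_client_hello(data: bytes) -> dict:
    """Classify a client's first message and list offered compression methods."""
    try:
        # SSL 2.0 record: high bit of byte 0 set, 15-bit length, msg type 1.
        if data[0] & 0x80 and data[2] == 0x01:
            # Body holds cipher specs, session id and challenge only:
            # there is nowhere to offer compression.
            return {"format": "sslv2-compatible", "compression": None}
        # SSL 3.0/TLS record: content type 22, major version 3,
        # handshake message type 1 (ClientHello).
        if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
            pos = 5 + 4               # record header + handshake header
            pos += 2 + 32             # client_version + random
            pos += 1 + data[pos]      # session_id length byte + session_id
            (suites_len,) = struct.unpack_from("!H", data, pos)
            pos += 2 + suites_len     # cipher_suites
            count = data[pos]         # compression_methods length byte
            methods = list(data[pos + 1 : pos + 1 + count])
            if len(methods) != count:
                raise IndexError("compression list cut short")
            return {"format": "ssl3/tls", "compression": methods}
    except (IndexError, struct.error):
        return {"format": "truncated", "compression": None}
    return {"format": "unknown", "compression": None}

# Constructed sample: SSL 2.0 compatible hello advertising TLS 1.0.
_v2_body = (b"\x01" + b"\x03\x01" + struct.pack("!HHH", 3, 0, 16)
            + b"\x00\x00\x2f" + bytes(16))
SAMPLE_V2 = struct.pack("!H", 0x8000 | len(_v2_body)) + _v2_body

# Constructed sample: TLS 1.0 hello offering methods 1 (DEFLATE, RFC 3749)
# and 0 (null).
_v3_body = (b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", 2)
            + b"\x00\x2f" + b"\x02\x01\x00")
_handshake = b"\x01" + len(_v3_body).to_bytes(3, "big") + _v3_body
SAMPLE_V3 = b"\x16\x03\x01" + struct.pack("!H", len(_handshake)) + _handshake

if __name__ == "__main__":
    for name, sample in (("v2-compatible", SAMPLE_V2), ("ssl3/tls", SAMPLE_V3)):
        print(name, describe_client_hello(sample))
```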