Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 43206a2d7c
Branches Tags
openssl
/
bugs
/
sslref.dif

sslref.dif 1.1 KB
History Raw

1234567891011121314151617181920212223242526 
  1. The February 9th, 1995 version of the SSL document differs from
    2. 

  2. https://www.netscape.com in the following ways.
    3. 

  3. =====
    4. 

  4. The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
    5. 

  5. KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
    6. 

  6. not
    7. 

  7. KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
    8. 

  8. as specified in the documentation.
    9. 

  9. =====
    10. 

  10. From the section 2.6 Server Only Protocol Messages
    11. 

  11. 

  12. If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
    13. 

  13. CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. 
    14. 

  14. 

  15. This is not true for https://www.netscape.com.  The CERTIFICATE-TYPE
    16. 

  16. is returned as 1.
    17. 

  17. =====
    18. 

  18. I have not tested the following but it is reported by holtzman@mit.edu.
    19. 

  19. 

  20. SSLref clients wait to recieve a server-verify before they send a
    21. 

  21. client-finished.  Besides this not being evident from the examples in
    22. 

  22. 2.2.1, it makes more sense to always send all packets you can before
    23. 

  23. reading.  SSLeay was waiting in the server to recieve a client-finish
    24. 

  24. before sending the server-verify :-).  I have changed SSLeay to send a
    25. 

  25. server-verify before trying to read the client-finished.
    26. 

  26.