diff options
Diffstat (limited to 'openssl/bugs/sslref.dif')
-rw-r--r-- | openssl/bugs/sslref.dif | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/openssl/bugs/sslref.dif b/openssl/bugs/sslref.dif new file mode 100644 index 000000000..0aa92bfe6 --- /dev/null +++ b/openssl/bugs/sslref.dif @@ -0,0 +1,26 @@ +The February 9th, 1995 version of the SSL document differs from +https://www.netscape.com in the following ways. +===== +The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is +KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID] +not +KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID] +as specified in the documentation. +===== +From the section 2.6 Server Only Protocol Messages + +If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE, +CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. + +This is not true for https://www.netscape.com. The CERTIFICATE-TYPE +is returned as 1. +===== +I have not tested the following but it is reported by holtzman@mit.edu. + +SSLref clients wait to recieve a server-verify before they send a +client-finished. Besides this not being evident from the examples in +2.2.1, it makes more sense to always send all packets you can before +reading. SSLeay was waiting in the server to recieve a client-finish +before sending the server-verify :-). I have changed SSLeay to send a +server-verify before trying to read the client-finished. + |