[erlang-patches] Fix to unknown ssl extension parsing

Ingela Anderton Andin <>
Tue Sep 27 17:01:13 CEST 2011


Hi !

We will accept the patch and leave the last clause as it is with a new 
comment.

 Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require
 implementations to ignore data following the ClientHello (i.e.,
 extensions) if they do not understand it. 

Data not following the correct extension format will be considered not 
understood.

Regards Ingela Erlang/OTP team - Ericsson AB

Ben Murphy wrote:
> Hi all,
>
> Here is a patch that fixes up the decoding of unknown extensions in 
> SSL Hello packets. The original code interpreted the length of unknown 
> extensions as being in bits instead of bytes so after reading one 
> unknown extension it would end up skipping the rest of the extensions 
> (once it has the wrong offset it keeps on reading corrupted 
> extensions). I'm not exactly sure about what impact the incorrect 
> decoding could have. The only Hello extension used in the SSL library 
> is the secure renegotiation extension. It may be possible that 
> sometimes we will not perform secure negotiation when it is available.
>
> git fetch git://github.com/benmmurphy/otp.git fix_unknown_ssl_extension_parsing
> https://github.com/benmmurphy/otp/commit/5f7725dc581c7891cb41e725db50076d654511ba
>
> I was able to run the new_ssl tests fine but I wasn't able to get the 
> old_ssl tests running on my machine.
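The bit-versus-byte length mistake described in the quoted message, shown as an added illustration written for this page (it is neither OTP's ssl code nor Ben Murphy's patch). In an Erlang binary pattern a segment written `Data:Len` with no type specifier is a Len-bit integer field, while `Data:Len/binary` is Len bytes; the module name, the extension type constants and the sample extensions block are assumptions constructed for the example.

```erlang
%% Constructed example: decoding a TLS ClientHello extensions block, with the
%% bits-for-bytes length bug beside the corrected pattern.
-module(hello_ext).
-export([decode_buggy/1, decode_fixed/1, sample/0]).

%% Extension type for renegotiation_info (RFC 5746). Type 16#000a is used
%% below purely as an extension this decoder does not understand.
-define(RENEGOTIATION_EXT, 16#ff01).

%% Buggy version: `_Data:Len` with no type is a Len-bit field, so an unknown
%% extension carrying 4 data bytes consumes only 4 bits. The tail is then no
%% longer byte-aligned, `Rest/binary` cannot match, and the fallback clause
%% ignores everything that follows, including renegotiation_info.
decode_buggy(<<>>) ->
    [];
decode_buggy(<<?RENEGOTIATION_EXT:16, Len:16, Info:Len/binary, Rest/binary>>) ->
    [{renegotiation_info, Info} | decode_buggy(Rest)];
decode_buggy(<<_Type:16, Len:16, _Data:Len, Rest/binary>>) ->
    decode_buggy(Rest);
decode_buggy(_Malformed) ->
    %% data not in extension format is treated as not understood
    [].

%% Fixed version: `/binary` makes Len count bytes, matching the wire format,
%% so the unknown extension is skipped cleanly and renegotiation_info is seen.
decode_fixed(<<>>) ->
    [];
decode_fixed(<<?RENEGOTIATION_EXT:16, Len:16, Info:Len/binary, Rest/binary>>) ->
    [{renegotiation_info, Info} | decode_fixed(Rest)];
decode_fixed(<<_Type:16, Len:16, _Data:Len/binary, Rest/binary>>) ->
    decode_fixed(Rest);
decode_fixed(_Malformed) ->
    [].

%% Constructed extensions block: one unknown extension (type 16#000a, four
%% data bytes) followed by an initial-handshake renegotiation_info extension
%% whose data is the single zero-length byte.
sample() ->
    <<16#000a:16, 4:16, 1, 2, 3, 4,
      ?RENEGOTIATION_EXT:16, 1:16, 0>>.
```

Calling `hello_ext:decode_buggy(hello_ext:sample())` and `hello_ext:decode_fixed(hello_ext:sample())` side by side shows the renegotiation_info extension surviving only in the corrected decoder.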
