[erlang-questions] New SSL related observation / question

Ingela Andin ingela@REDACTED
Tue Jul 13 22:39:28 CEST 2010


Hi!

Well, reading the RFC:s again I see that it is first in RFC 4346 TLS
1.1 (3.2 ) that it is an requierment that the
padding must be checked. RFC 2246 TLS 1.0 (3.1)  is a bit more vauge and says
that a MAC error should be returned if the padding is checked.  So
this gives us a little dilema should
we not check at all in TLS 1.0 to gain interopability with all
implementations or maybe we should just make it configurable?!

Regards Ingela Erlang/OTP team, Ericsson AB


2010/7/13  <tech@REDACTED>:
> I have seen that using IE browsers connecting to https based servers returns a
> MAC_ERROR using the R14A implementations.
>
> Investigating further I see that the connection from the IE browser connects,
> and in the ssl_cipher.erl module I saw that it shows the version as 3,1.  (3,1
> indicates TLS)
>
> The code in ssl_cipher that handles this is the function is_correct_padding, I
> added the following pattern match as well:
> ## Added Code
> is_correct_padding(_, {3, 1}) ->
>    true;
>
> , and the connection now seems to be working fine, is there any known problems
> and / or side effects that someone know about with this change?
>
> Thanks
>
>
>
> --
> -----
> Mobile : +27 84 468 3138
> Skype : danielschutte
> Office : +27 (0) 11 475 - 1654
>             +27 (0) 11 475 - 1664
>             +27 (0) 11 475 - 1674
>             +27 (0) 11 475 - 1639
>
>
> -------------------------------------------------------
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-questions-unsubscribe@REDACTED
>
>


More information about the erlang-questions mailing list