
Unexpected message during renegotiate attempt


Hasan, Rezaul (NSN - US/Arlington Heights)

Mar 19, 2013, 12:55:01 PM

Hello All,

I am using openssl 0.9.8r on one Linux box (BoxA) communicating with another Linux box running openssl 1.0.0e (BoxB).

There are certain curl uploads that need to occur from BoxA → BoxB.

Usually we don’t have any problems. But in a simulated environment, where there could be significant delay/latency (~2 to 3 seconds) in traffic between BoxA and BoxB, we are seeing that the curl operations are not completing as expected.

Curl is sending the HTTP-100 message in the middle of TLS Re-Negotiation, causing BoxB to send a Fatal Alert and close the connection. According to the TLS spec, apparently, the TLS implementation should simply ignore those unexpected messages and continue with re-negotiation?

Upon digging through some openssl bug reports, we came across these two Bug Tickets. And it looks like they were never addressed?

http://rt.openssl.org/Ticket/Display.html?id=2146&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=2481&user=guest&pass=guest

I was just trying to find out if the openssl community ever addressed this “bug”? If so, what openssl version(s) have a fix for this?

Any additional information related to the bug mentioned above would be greatly appreciated.

Thanks,

-Rezaul.

Jason Schultz

Mar 25, 2013, 10:07:06 AM
Has there been any response to this? I dealt with a similar situation about 6 months ago. It turned out, at first my application was handling some responses to SSL_write() and SSL_read incorrectly:

http://www.mail-archive.com/openss...@openssl.org/msg67276.html

However, after further investigation and fixing of my application issues, I found that OpenSSL was not able to handle the renegotiation scenario I described. Which is basically the one in the 2nd bug ticket link you posted; Peer A initiates a renegotiation while Peer B is sending data. The behavior wasn't exactly the same, I don't think I ever got a failure, but the ClientHello was never read by the server and renegotiation wouldn't take place until after Peer B was done sending data.

Just curious if this is something that has been resolved.

Thanks.

Jason

From: rezaul...@nsn.com
To: openss...@openssl.org
CC: iftekhar...@nsn.com; michae...@nsn.com
Subject: Unexpected message during renegotiate attempt
Date: Tue, 19 Mar 2013 16:55:01 +0000
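
The condition both posts describe, application data arriving while a renegotiation handshake is in flight, can be located in a packet capture because TLS 1.0-1.2 record headers carry the content type in the clear. The following is an added example, not part of the thread and not OpenSSL code; `records`, `find_interleaving`, `rec`, the peer labels `A`/`B` and the trace are constructed for illustration, and the input is assumed to be the ordered TCP payloads of a single connection.

```python
import struct

CCS, ALERT, HANDSHAKE, APPDATA = 20, 21, 22, 23   # TLS record content types

def records(buf):
    """Split buf into complete TLS records; return (content types, leftover bytes)."""
    out = []
    while len(buf) >= 5:
        ctype, _version, length = struct.unpack("!BHH", buf[:5])
        if len(buf) < 5 + length:
            break                      # record continues in a later segment
        out.append(ctype)
        buf = buf[5 + length:]
    return out, buf

def find_interleaving(segments):
    """segments: ordered (sender, bytes) pairs from one TLS 1.0-1.2 connection."""
    pending, sent_ccs, finished = {}, set(), set()
    handshaking, reneg, findings = True, False, []
    for sender, data in segments:
        types, pending[sender] = records(pending.get(sender, b"") + data)
        for ctype in types:
            if ctype == HANDSHAKE and not handshaking:
                # Handshake record after a completed handshake: renegotiation.
                handshaking = reneg = True
                sent_ccs, finished = set(), set()
                findings.append((sender, "renegotiation-start"))
            elif ctype == HANDSHAKE and sender in sent_ccs:
                finished.add(sender)   # first handshake record after CCS is Finished
                if len(finished) == 2:
                    handshaking = reneg = False
            elif ctype == CCS:
                sent_ccs.add(sender)
            elif ctype == APPDATA and reneg:
                findings.append((sender, "appdata-during-renegotiation"))
            elif ctype == ALERT and reneg:
                findings.append((sender, "alert-during-renegotiation"))
    return findings

def rec(ctype, n=8):
    """Constructed record: header plus n filler bytes standing in for the payload."""
    return struct.pack("!BHH", ctype, 0x0301, n) + b"\x00" * n

# Constructed trace: handshake, then B renegotiates while A sends data; B alerts.
TRACE = [("A", rec(HANDSHAKE)), ("B", rec(HANDSHAKE)),
         ("A", rec(HANDSHAKE) + rec(CCS, 1) + rec(HANDSHAKE)),
         ("B", rec(CCS, 1) + rec(HANDSHAKE)), ("A", rec(APPDATA)),
         ("B", rec(HANDSHAKE)), ("A", rec(APPDATA)[:6]), ("A", rec(APPDATA)[6:]),
         ("B", rec(ALERT, 2))]
```

A HelloRequest that the peer ignores is also counted as a renegotiation start, so the findings are pointers into the capture to inspect, not proof that a handshake failed.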