ritter.vg
Funniest Exchange Ever on TLS Mailing List
06 Nov 2013 16:33:23 EST

Background: there's this huge problem where TLS ClientHellos that exceed 255 bytes result in hangs for certain hardware (like some F5 hardware). Hangs are horrible because the only thing you can do is have a timeout and reconnect – super slow. So we're trying to add extensions (like ALPN for SPDY) and new ciphersuites, all while keeping the size under 255 bytes. Someone asks "Hey how come this happens at all." Someone from F5 responds...

Players:

Xiaoyong Wu X.Wu@f5.com via ietf.org 
  
It is a little bit more calculation than that and related to some historic reasons, aka SSLv2.

For SSL records, the SSLv3 and TLS ClientHello headers are as follows:

| 22 | version major | version minor | length high bits | length low bits |

If this is interpreted as an SSLv2 header, it will be considered as a 3 byte header:

| v2 header b0 | v2 header b1 | v2 header b2 | message type |

The value for Client Hello message type is SSLV2_MT_CLIENTHELLO which is 1.
When there is an SSLv3/TLS client-hello of length 256 - 511 bytes, this is ambiguous as "message type" is 1 or it is the "length high bits" to be 1.

Our implementation before the patch was to prefer SSLv2 and thus the issue.

As I am explaining this in detail, I would say that another workaround on this would be making a client hello that exceeds 512 in length.
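As an added example (not part of the thread), the following reads the first bytes of a record both as an SSLv3/TLS record header and as an SSLv2 3-byte header, and reports the length range in which a TLS ClientHello is mistaken for an SSLv2 ClientHello. The helper names are mine; the constants come from the message above (record type 22, SSLV2_MT_CLIENTHELLO = 1).

```python
import struct

SSL3_RT_HANDSHAKE = 22        # record type of a TLS/SSLv3 handshake record
SSLV2_MT_CLIENTHELLO = 1      # SSLv2 ClientHello message type


def tls_record_header(body_len, major=3, minor=1):
    """Build the 5-byte SSLv3/TLS record header: type, version, 16-bit length."""
    return struct.pack(">BBBH", SSL3_RT_HANDSHAKE, major, minor, body_len)


def parse_as_tls(hdr):
    """Interpret bytes as a TLS record header."""
    ctype, major, minor, length = struct.unpack(">BBBH", hdr[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def parse_as_sslv2(hdr):
    """Interpret bytes as an SSLv2 record header followed by the message type.

    SSLv2 uses a 2-byte header when the high bit of byte 0 is set, otherwise a
    3-byte header (14-bit length plus a padding byte). Byte 0 of a TLS record
    is 22 (high bit clear), so a v2 parser picks the 3-byte form and treats
    byte 3 (the TLS "length high bits") as the message type.
    """
    if hdr[0] & 0x80:
        length = ((hdr[0] & 0x7F) << 8) | hdr[1]
        return {"header_len": 2, "length": length, "msg_type": hdr[2]}
    length = ((hdr[0] & 0x3F) << 8) | hdr[1]
    return {"header_len": 3, "length": length, "padding": hdr[2], "msg_type": hdr[3]}


def misread_as_sslv2_client_hello(hdr):
    """True if an implementation that prefers SSLv2 would take this for a v2 ClientHello."""
    return parse_as_sslv2(hdr)["msg_type"] == SSLV2_MT_CLIENTHELLO


def ambiguous_client_hello_length(body_len):
    """True when a TLS ClientHello record of body_len bytes hits the ambiguity."""
    return misread_as_sslv2_client_hello(tls_record_header(body_len))


if __name__ == "__main__":
    for n in (255, 256, 511, 512):
        hdr = tls_record_header(n)
        print(n, hdr.hex(), "TLS:", parse_as_tls(hdr)["length"],
              "v2 msg_type:", parse_as_sslv2(hdr)["msg_type"],
              "ambiguous:", ambiguous_client_hello_length(n))
```

Only record lengths 256 through 511 yield a v2 message type of 1; both the "stay under 256" and the "exceed 512" workarounds sidestep that window.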
Adam Langley via ietf.org 
  
On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu  wrote:
> As I am explaining this in detail, I would say that another work around on this would be making a 
> client hello that exceeds 512 in length.

^^^ Holy crap. I wish I had known that sooner. That might solve the issue.

Cheers

AGL
Yoav Nir via ietf.org 
    
On Nov 6, 2013, at 10:03 AM, Adam Langley  wrote:
> On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu  wrote:
>> As I am explaining this in detail, I would say that another work around on this would be making a 
>> client hello that exceeds 512 in length.
>
> ^^^ Holy crap. I wish I had known that sooner. That might solve the issue.

Time to standardize the "jpeg-of-cat" extension for TLS.
Dr Stephen Henson lists@drh-consultancy.co.uk via ietf.org 

On 06/11/2013 18:03, Adam Langley wrote:
> On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu  wrote:
>> As I am explaining this in detail, I would say that another work around on this would be making a 
>> client hello that exceeds 512 in length.
>
> ^^^ Holy crap. I wish I had known that sooner. That might solve the issue.

Just did a quick test with OpenSSL on a couple of known "hang" machines. Seems
to work.

Steve.

The thread is here. Obviously it'll take a lot of testing to figure out if this works reliably, but I think a lot of people are cautiously excited.
