06 Nov 2013 16:33:23 EST
Background: there's a huge problem where TLS ClientHellos longer than 255 bytes cause hangs on certain hardware (such as some F5 devices). Hangs are horrible because the only thing the client can do is wait for a timeout and reconnect, which is painfully slow. So we're trying to add extensions (like ALPN for SPDY) and new cipher suites, all while keeping the ClientHello at 255 bytes or less. Someone asks, "Hey, how come this happens at all?" Someone from F5 responds...
Players:
- Xiaoyong Wu - from F5
- Adam Langley - who's in charge of pretty much everything SSL at Google (Chrome and Webservers)
- Yoav Nir - longtime TLS mailing list contributor and engineer
- Stephen Henson - maintainer of OpenSSL
Xiaoyong Wu X.Wu@f5.com via ietf.org

It is a little bit more calculation than that and related to some historic reasons, a.k.a. SSLv2.

For SSL records, the SSLv3 and TLS ClientHello headers are as follows:

| 22 | version major | version minor | length high bits | length low bits |

If this is interpreted as an SSLv2 header, it will be considered as a 3 byte header:

| v2 header b0 | v2 header b1 | v2 header b2 | message type |

The value for the Client Hello message type is SSLV2_MT_CLIENTHELLO, which is 1.

When there is an SSLv3/TLS client-hello of length 256 - 511 bytes, this is ambiguous, as it could be a "message type" of 1 or a "length high bits" of 1. Our implementation before the patch was to prefer SSLv2, and thus the issue.

As I am explaining this in detail, I would say that another work around on this would be making a client hello that exceeds 512 in length.
Adam Langley via ietf.org

On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu wrote:
> As I am explaining this in detail, I would say that another work around on this would be making a
> client hello that exceeds 512 in length.

^^^ Holy crap. I wish I had known that sooner. That might solve the issue.

Cheers

AGL
Yoav Nir via ietf.org

On Nov 6, 2013, at 10:03 AM, Adam Langley wrote:
> On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu wrote:
>> As I am explaining this in detail, I would say that another work around on this would be making a
>> client hello that exceeds 512 in length.
>
> ^^^ Holy crap. I wish I had known that sooner. That might solve the issue.

Time to standardize the "jpeg-of-cat" extension for TLS.
Dr Stephen Henson lists@drh-consultancy.co.uk via ietf.org

On 06/11/2013 18:03, Adam Langley wrote:
> On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu wrote:
>> As I am explaining this in detail, I would say that another work around on this would be making a
>> client hello that exceeds 512 in length.
>
> ^^^ Holy crap. I wish I had known that sooner. That might solve the issue.

Just did a quick test with OpenSSL on a couple of known "hang" machines. Seems to work.

Steve.
The thread is here. Obviously it'll take a lot of testing to figure out if this works reliably, but I think a lot of people are cautiously excited.
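To make Wu's explanation concrete, here is an added example (mine, not code from the thread, from F5, or from OpenSSL) that reads the first bytes of a TLS handshake record both ways: as the SSLv3/TLS record header it actually is, and as the SSLv2 record header a v2-first parser would see. The `make_client_hello_record` helper builds a constructed sample with a zero-filled body, since only the five header bytes matter for the ambiguity; a real ClientHello would need to grow through legitimate content such as extensions, not trailing zeros. The function and constant names are my own.

```python
"""
Added example (not part of the mailing-list thread): show why a TLS
ClientHello record of 256-511 bytes is indistinguishable, at the header
level, from an SSLv2 ClientHello.
"""
import struct

TLS_CT_HANDSHAKE = 22       # first byte of an SSLv3/TLS handshake record (0x16)
SSLV2_MT_CLIENTHELLO = 1    # SSLv2 message type for ClientHello, as Wu states


def parse_tls_record_header(data):
    """Read the bytes as an SSLv3/TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"content_type": content_type, "version": (major, minor), "length": length}


def parse_sslv2_record_header(data):
    """Read the same bytes as an SSLv2 record header plus the message type byte.

    SSLv2 uses a 2-byte header (15-bit length) when the high bit of the first
    byte is set, and otherwise a 3-byte header (14-bit length and a padding
    byte).  A TLS handshake record starts with 0x16, whose high bit is clear,
    so a v2 parser always takes the 3-byte form and reads the TLS
    'length high bits' byte as the SSLv2 message type.
    """
    if len(data) < 4:
        raise ValueError("need at least 4 bytes")
    b0 = data[0]
    if b0 & 0x80:
        length = ((b0 & 0x7F) << 8) | data[1]
        header_len, padding = 2, 0
    else:
        length = ((b0 & 0x3F) << 8) | data[1]
        header_len, padding = 3, data[2]
    return {"header_len": header_len, "length": length,
            "padding": padding, "msg_type": data[header_len]}


def looks_like_sslv2_client_hello(data):
    """True when a parser that prefers SSLv2 would take this record for an
    SSLv2 ClientHello, which is exactly the 256-511 byte case."""
    return parse_sslv2_record_header(data)["msg_type"] == SSLV2_MT_CLIENTHELLO


def make_client_hello_record(body_len, version=(3, 1)):
    """Constructed sample: a TLS 1.0 handshake record header over body_len
    bytes of placeholder (zero) body.  Only the header is meaningful here."""
    return struct.pack("!BBBH", TLS_CT_HANDSHAKE, version[0], version[1], body_len) \
        + bytes(body_len)


def classify(data):
    """Summarise how the two interpretations of one record header compare."""
    tls = parse_tls_record_header(data)
    v2 = parse_sslv2_record_header(data)
    return {
        "tls_length": tls["length"],
        "sslv2_length": v2["length"],
        "sslv2_msg_type": v2["msg_type"],
        "ambiguous": looks_like_sslv2_client_hello(data),
    }


if __name__ == "__main__":
    # Below 256 the 'length high bits' byte is 0, at 512 and above it is 2+;
    # only 256-511 yields message type 1 under the SSLv2 reading.
    for body_len in (200, 256, 300, 511, 512, 700):
        print(body_len, classify(make_client_hello_record(body_len)))
```

Running the block prints one line per sample length; the `ambiguous` flag is set only for 256 through 511. Note that the SSLv2 reading also yields an absurd record length (0x1603, from the 0x16 content type and 0x03 version-major bytes), which is one more thing a parser could have used to reject the v2 interpretation.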