diff --git a/CHANGES b/CHANGES index 488ad3db06..c969141757 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,12 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa ] + +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended bug workarounds. Rollback attack detection is a security feature. The problem will only arise on OpenSSL servers when TLSv1 is not diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f93f2772d6..18133f3da5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -884,11 +884,17 @@ static int ssl3_get_key_exchange(SSL *s) DH *dh=NULL; #endif + /* use same message size as in ssl3_get_certificate_request() + * as ServerKeyExchange message may be skipped */ n=ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, - 1024*8, /* ?? */ +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif &ok); if (!ok) return((int)n);