
TLS clienthello >255 byte tolerance check?

Question asked by j457 on Jun 4, 2012
Latest reply on Jun 4, 2012 by j457

A clienthello in excess of 255 bytes causes at least that one common SSL implementation to hang.  This became noticeable after openssl 1.0.1 was released, because it sends more tls extensions by default, pushing the clienthello over 0xff bytes in the common case.  However, the bug can also be seen using earlier openssl versions by supplying a sufficiently long servername in the servername tls extension.


works fine with 1.0.1c: openssl s_client -msg -tls1 -servername "aaaaa" -connect

hangs with 1.0.1c: openssl s_client -msg -tls1 -servername "aaaaaaaaaaaaaaaaaaaaaaaa" -connect


If the handshake length from the second command is less than 0x0100, that's probably the result of an older openssl branch that doesn't send as many tls extensions by default; adding to the servername until openssl sends a clienthello of 0x0100 bytes should get it to start hanging.


Perhaps the ssl test could check for this bug?


More details, with F5 BigIP firmware bug update info, here:


A couple other sites that, amusingly, fail:
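The check the post asks for, written out as an added example (this is not the poster's code and not part of any SSL test): build a raw TLS 1.0 ClientHello whose only extension is server_name, grow the name until the handshake length reaches exactly 0x0100, and send the short and the padded hello to a server to see whether the second one hangs instead of answering. The cipher suite list, the zeroed client random and the 5-second timeout are constructed for the probe; because this minimal hello carries far fewer extensions than openssl 1.0.1c sends, the name has to be much longer than 24 bytes before the length crosses 0xff.

```python
import socket
import struct
import sys

# Constructed suite list: any valid IDs work, only their count affects the length.
DEFAULT_SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]


def build_client_hello(server_name: bytes, cipher_suites=None) -> bytes:
    """Return one TLS record carrying a TLS 1.0 ClientHello with a server_name extension."""
    if cipher_suites is None:
        cipher_suites = DEFAULT_SUITES
    client_random = b"\x00" * 32  # fixed value: fine for a length probe, never for a real handshake
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)

    # server_name extension (RFC 6066): ext type 0, ServerNameList of one host_name entry
    sni_entry = b"\x00" + struct.pack("!H", len(server_name)) + server_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext

    body = (
        b"\x03\x01"                                  # client_version: TLS 1.0
        + client_random
        + b"\x00"                                    # session_id length 0
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                # compression_methods: null only
        + extensions
    )
    # Handshake header: type client_hello (1) + 24-bit length of the body.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content type handshake (0x16), version TLS 1.0, 16-bit length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def handshake_length(record: bytes) -> int:
    """Read the 24-bit handshake length field, i.e. the value openssl -msg prints after 'ClientHello'."""
    return int.from_bytes(record[6:9], "big")


def server_name_for_handshake_length(target: int = 0x0100) -> bytes:
    """Return a name of 'a's that makes the ClientHello handshake length exactly `target`."""
    overhead = handshake_length(build_client_hello(b""))
    if target <= overhead:
        raise ValueError("target %#x is not larger than the fixed hello overhead %#x" % (target, overhead))
    return b"a" * (target - overhead)


def probe(host: str, port: int = 443, server_name: bytes = None, timeout: float = 5.0) -> str:
    """Send one ClientHello and report 'reply', 'closed', or 'timeout' (the hang symptom)."""
    hello = build_client_hello(server_name or host.encode())
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(hello)
        try:
            data = s.recv(5)
        except socket.timeout:
            return "timeout"
    return "reply" if data else "closed"


def tolerance_check(host: str, port: int = 443) -> dict:
    """Compare a short hello with one padded to 0x0100 bytes; 'bug' when only the long one hangs."""
    short = probe(host, port, b"aaaaa")
    long = probe(host, port, server_name_for_handshake_length(0x0100))
    return {"short": short, "long": long, "bug": short == "reply" and long == "timeout"}


if __name__ == "__main__":
    target_host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(tolerance_check(target_host))
```

Run it as `python probe.py host` against a server you are allowed to test; a result of `short: reply, long: timeout` reproduces the hang the post describes, while `long: reply` or `long: closed` (an alert or a TCP reset) means the server at least handled a 256-byte ClientHello.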