1 Reply Latest reply: Jun 4, 2012 2:49 PM by j457

TLS clienthello >255 byte tolerance check?


A clienthello in excess of 255 bytes causes at least that one common SSL implementation to hang.  This became noticeable after openssl 1.0.1 was released, because it sends more tls extensions by default, pushing the clienthello over 0xff bytes in the common case.  However, the bug can also be seen using earlier openssl versions by supplying a sufficiently long servername in the servername tls extension.


works fine with 1.0.1c: openssl s_client -msg -tls1 -servername "aaaaa" -connect online.americanexpress.com:443

hangs with 1.0.1c: openssl s_client -msg -tls1 -servername "aaaaaaaaaaaaaaaaaaaaaaaa" -connect online.americanexpress.com:443


If the handshake length from the second command is less than 0x0100, that's probably the result of an older openssl branch that doesn't send as many tls extensions by default; adding to the servername until openssl sends a clienthello of 0x0100 bytes should get it to start hanging.


Perhaps the ssl test could check for this bug?


More details, with F5 BigIP firmware bug update info, here: http://rt.openssl.org/Ticket/Display.html?id=2771


A couple other sites that, amusingly, fail:
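As an added illustration of the length boundary described in the post (not code from the post or from OpenSSL), the following builds a minimal TLS 1.0 ClientHello with a server_name extension and reports whether its handshake length reaches 0x0100, i.e. whether the 24-bit length field needs more than its low byte. The three cipher suites and the all-zero random are constructed placeholders; only the byte counts matter.

```python
import struct

def build_client_hello(server_name: str,
                       cipher_suites=(0x002F, 0x0035, 0x000A)) -> bytes:
    """Construct a minimal TLS 1.0 ClientHello record carrying an SNI extension.

    The suite list and the all-zero random are placeholders; only the lengths
    matter for the boundary check below.
    """
    host = server_name.encode("ascii")
    # server_name extension body: ServerNameList length, NameType host_name(0),
    # HostName length, HostName
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    extensions = struct.pack("!HH", 0x0000, len(sni)) + sni   # ExtensionType server_name(0)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x01"                                    # client_version = TLS 1.0
        + bytes(32)                                    # random (placeholder zeros)
        + b"\x00"                                      # session_id length = 0
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                  # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)

def handshake_length(record: bytes) -> int:
    """Return the 24-bit Handshake.length of a ClientHello record, validating the framing."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    length = int.from_bytes(record[6:9], "big")
    if len(record) != 9 + length:
        raise ValueError("declared handshake length does not match record size")
    return length

def crosses_0x100(record: bytes) -> bool:
    """True when the ClientHello handshake length is 0x0100 or more (exceeds 0xff)."""
    return handshake_length(record) >= 0x0100

def min_sni_length_to_cross(cipher_suites=(0x002F, 0x0035, 0x000A)) -> int:
    """Smallest server_name length at which this ClientHello shape reaches 0x0100 bytes."""
    n = 1
    while not crosses_0x100(build_client_hello("a" * n, cipher_suites)):
        n += 1
    return n
```

A real OpenSSL 1.0.1 ClientHello carries many more extensions than this minimal one, which is why it crosses the boundary with a short servername; the parser here can be pointed at a captured ClientHello to report which side of 0x0100 it falls on.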