Note that there is a 'Long handshake intolerance' entry in the protocol details in the SSL Server test. May I know what it refers to? Does it refer to the TLS ClientHello longer than 255 bytes issue?
Yes, that's what it is.
Hi Ivan, many thanks. SSL Server Test is a great tool that we refer to very often.
Can you give any more specifics about that potential issue the SSL Server Test is testing for under this name?
Is this a compatibility issue or a vulnerability?
Is there a CVE identifier or can you supply any link to papers discussing this?
It is a compatibility issue: the server is unable to respond to SSL connections whose initial requests (sent by a client) exceed 255 bytes. This should be rare when it comes to browsers (the last time I checked, their initial requests are smaller), but may affect OpenSSL command line tools or applications when OpenSSL > 1.0.0 is used. (OpenSSL supports a large number of cipher suites and offers them all for negotiation, and that may push the initial packet size over 255 bytes.)
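The size effect described in the answer above, as an added example that is not part of the original thread: it builds a minimal ClientHello offering a given number of cipher suites, parses the length fields back out, and finds the offer size at which the message first exceeds 255 bytes. The function names, the placeholder suite ids and the choice to compare the handshake message length (header plus body) against 255 are assumptions; the thread does not say which length field is meant.

```python
import struct

LIMIT = 255  # threshold named in the thread


def build_client_hello(n_suites, server_name=None):
    """Build a minimal TLS 1.2 ClientHello record (constructed test input)."""
    # Placeholder suite ids, not real negotiable suites; only their count matters.
    suites = b"".join(struct.pack("!H", 0x0100 + i) for i in range(n_suites))
    body = b"\x03\x03" + bytes(32)                    # client_version + all-zero random
    body += b"\x00"                                   # empty session_id
    body += struct.pack("!H", len(suites)) + suites   # cipher_suites vector
    body += b"\x01\x00"                               # one compression method: null
    if server_name:
        host = server_name.encode()
        entry = b"\x00" + struct.pack("!H", len(host)) + host    # host_name entry
        sni = struct.pack("!H", len(entry)) + entry              # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni              # extension type 0 (SNI)
        body += struct.pack("!H", len(ext)) + ext                # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def client_hello_length(record):
    """Return the handshake message length (4-byte header + body) of a record."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body_len = int.from_bytes(record[6:9], "big")
    if rec_len != body_len + 4 or len(record) != rec_len + 5:
        raise ValueError("length fields disagree or message spans several records")
    return rec_len


def is_long_handshake(record):
    """True when the ClientHello is longer than the 255-byte limit."""
    return client_hello_length(record) > LIMIT


def smallest_long_offer(server_name=None):
    """Smallest number of offered suites that pushes the ClientHello over LIMIT."""
    n = 1
    while not is_long_handshake(build_client_hello(n, server_name)):
        n += 1
    return n
```

Each offered suite costs two bytes, so with no extensions the limit is crossed at 107 suites, and adding a server name extension lowers that count.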
Thank you for your quick and helpful response.