AnsweredAssumed Answered

Why setting the ClientHello.Random to all-zero?

Question asked by Guang Yao on Sep 22, 2015
Latest reply on Sep 22, 2015 by Guang Yao

Hi,

 

We found in SSL server test, the ClientHello.Random is set to all-zero. Using all-zero ClientHello.Random is a known feature of sslsqueeze(sslsqueeze/sslsqueeze.c at master · mmgaggle/sslsqueeze · GitHub), a famous SSL attacking tool. Thus, our server filters ClientHello whose random is all-zero. Unfortunately, the SSL server test says our server doesn't support HTTPS.


So, would you please use a real random "ClientHello.Random" in the test?

 

Best regards,

Guang

Outcomes