Solidot: Heartbleed漏洞补丁引发SSL链接bug

Solidot

奇客的资讯，重要的东西

Heartbleed漏洞补丁引发SSL链接bug
http://solidot.org.feedsportal.com/c/33236/f/556826/s/39ff3155/sc/28/l/0L0Ssolidot0Borg0Cstory0Dsid0F39373/story01.htm
May 2nd 2014, 16:14

Shawn the R0ck 写道 "OpenSuSE社区收到关于最近因为OpenSSL heartbleed漏洞的修复关于padding扩展代码的改动导致IronPort SMTP服务器出现异常阻断的bug报告。OpenSSL 1.0.1g不仅仅是修复了heartbleed漏洞，而且也增加了一些padding扩展的改动：#define TLSEXT_TYPE_padding 21
这直接导致SSL链接出错(至少在Ironports的设备上):
SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
Padding扩展只会在ClientHello的长度在256---511字节之间时使用，理论上讲，削减ciphersuite到256字节以内可以是临时解决方案之一，或者是强制使用SSLv3，或者把上面的改动剔除并且重新编译OpenSSL。目前OpenSSL社区并没有给出解决方案。 "This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.



You are receiving this email because you subscribed to this feed at https://blogtrottr.com

If you no longer wish to receive these emails, you can unsubscribe here:
https://blogtrottr.com/unsubscribe/cz0/jPbdSR