Determine value of bool variable $SERVER_SIZE_LIMIT_BUG upfront or when needed #1202

Open
drwetter opened this issue Feb 18, 2019 · 2 comments


@drwetter
Owner

commented Feb 18, 2019

... and not every instance we're potentially sending >= 128 ciphers.

This is a reminder for a future development. As of now we have two [1] checks (and subsequently, if unsuccessful, workarounds) in a few scenarios for $SERVER_SIZE_LIMIT_BUG.

Maybe it would be better to determine a quiet test initially or when needed and populate the variable.

I suspect (but I am not really sure) that there could be more ClientHellos with >= 128 ciphers than those two places.

[1] cipher_pref_check(), run_grease()

Edit: It is actually 128 ciphers, not 129, when the bug hits.
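The comment above suspects that more ClientHellos than the two known call sites carry >= 128 ciphers. The following sketch is an added example, not code from this issue or from the project: it parses a raw ClientHello record, counts the offered cipher suites and lists the hellos that reach the threshold. The function names, the labels and the constructed sample hellos are assumptions made for illustration.

```python
import struct

SIZE_LIMIT = 128  # per the issue: the bug hits at 128 cipher suites

def build_client_hello(cipher_suites):
    """Constructed minimal TLS 1.2 ClientHello record without extensions."""
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = (b"\x03\x03"                        # client_version: TLS 1.2
            + bytes(32)                        # random (all zero, constructed)
            + b"\x00"                          # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                     # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def count_cipher_suites(record):
    """Return the number of cipher suites offered in a ClientHello record."""
    # 5-byte record header, 4-byte handshake header, 2-byte version, 32-byte random
    pos = 5 + 4 + 2 + 32
    if len(record) <= pos or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos += 1 + record[pos]                     # skip session_id length and bytes
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (suites_len,) = struct.unpack_from("!H", record, pos)
    if suites_len % 2 or pos + 2 + suites_len > len(record):
        raise ValueError("malformed cipher_suites vector")
    return suites_len // 2                     # each suite is two bytes

def hits_size_limit(record):
    """True if this hello offers enough ciphers to trigger the size limit bug."""
    return count_cipher_suites(record) >= SIZE_LIMIT

def audit(hellos):
    """Given {label: record}, return the labels whose hello reaches the limit."""
    return [name for name, rec in hellos.items() if hits_size_limit(rec)]

# Constructed sample hellos; the cipher values are placeholders, not real suites.
SAMPLES = {
    "hello_127": build_client_hello(range(127)),
    "hello_128": build_client_hello(range(128)),
    "hello_200": build_client_hello(range(200)),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, count_cipher_suites(rec), hits_size_limit(rec))
```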

@drwetter drwetter added this to the 3.0 milestone Feb 22, 2019
drwetter added a commit that referenced this issue Mar 5, 2019
In order to better handle Cisco ACE load balancers (almost extinct species) which
have a problem with ClientHellos >127 ciphers we had introduced a variable which
needs to be filled better with some sense.

This commit does that by introducing the function determine_sizelimitbug() which
is called in lets_roll().

It also removes the then redundant code in cipher_pref_check().

Open:
* handle run_grease()
* do we want this information at least in a logfile
* or maybe even on screen?

See also #1202 .
@drwetter

Owner Author

commented Mar 5, 2019

open points:

  • handle run_grease()
  • don't we want this information at least in a logfile
  • or maybe even on screen?
@drwetter

Owner Author

commented Mar 29, 2019

Since afc4f5e, the only thing which remains open is handling the test in run_grease(). That would just mean removing redundancy, so atm that has no high priority.
