Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

zero pad DHE public key in ServerKeyExchange message for interop #1350

Closed

Conversation

@russor
Copy link

russor commented Jul 25, 2016

Some versions of the Microsoft TLS stack have problems when the DHE public key
is encoded with fewer bytes than the DHE prime. (Backported from master)

Follow up to pull #1320

Some versions of the Microsoft TLS stack have problems when the DHE public key
is encoded with fewer bytes than the DHE prime. (Backported from master)
@richsalz richsalz added this to the 1.0.2 milestone Jul 25, 2016
@richsalz richsalz self-assigned this Jul 25, 2016
@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Jul 25, 2016

+1

@richsalz richsalz added the reviewed label Jul 25, 2016
@t-j-h t-j-h added the approval: done label Oct 5, 2016
@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Oct 19, 2016

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Nov 15, 2016

ping @russor, we'd really like to get this merged ...

@russor

This comment has been minimized.

Copy link
Author

russor commented Dec 13, 2016

Poking this here, as the CLA was submitted :)

@mattcaswell

This comment has been minimized.

Copy link
Member

mattcaswell commented Dec 14, 2016

I can confirm that we have your CLA on file. Ping @richsalz for merge.

levitte pushed a commit that referenced this pull request Dec 14, 2016
Some versions of the Microsoft TLS stack have problems when the DHE public key
is encoded with fewer bytes than the DHE prime. (Backported from master)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #1350)
@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Dec 14, 2016

commit 5bbedd3. Thanks!

@richsalz richsalz closed this Dec 14, 2016
9EOR9 added a commit to MariaDB/mariadb-connector-c that referenced this pull request Sep 19, 2019
At irregular intervals older windows versions (prior Windows 10) fail to establish a secure (TLS)
connection and return errors SEC_E_INVALID_TOKEN, SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
This is a bug in windows schannel library and was only fixed in recent versions, also OpenSSL provided
a workaround (see openssl/openssl#1350).
Since we are unable to fix this, we introduced a workaround for this problem. In case of an error
during TLS handshake we check the errorcode and try to reconnect up to three times if the error code
was SEC_E_INVALID_TOKEN, SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.