[Mono-devel-list] [PATCH] SslCipherSuite sequence #

Brian Ritchie brian.ritchie at gmail.com
Mon Apr 4 23:15:21 EDT 2005


I've been working on integrating the SslServerStream with XSP and ran
across what appears to be a bug in the SslCipherSuite class. I'm new
to the inner workings of SSL, so please forgive any misstatements.

Once I had the SslServerStream hooked into the XSP server, it wasn't
working properly... GETs would work, but POST-backs wouldn't (on
Firefox & IE). After much debugging, I think I've found the answer.
The ComputeClientRecordMAC function that calculated the hash for each
fragment coming from the client (and compared it to the hash provided
by the client) was using the wrong sequence #.  As I understand it,
a request is broken into multiple fragments, and a sequence # is
incremented for each fragment.  Since the wrong sequence # was being
used, the hashes for requests with more than one fragment were
invalid.  Since POSTs have more data, they were being broken into
multiple fragments.

Once I applied this simple patch (attached), XSP worked nicely with
both browsers in SSL mode.

Please let me know if this patch can be committed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SslCipherSuite.diff
Type: application/octet-stream
Size: 573 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-devel-list/attachments/20050404/e230a31e/attachment.obj 
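
Added example, not part of the original post and not the scrubbed patch or Mono's code: a Python sketch of the SSL 3.0 record MAC (SHA-1 variant) showing why a receiver with a wrong sequence number still accepts a one-record request but rejects later records of a multi-record one. The function names, the key, the 64-byte fragment size and the "never incremented" fault are assumptions made for illustration; the post does not say which wrong value was used.

```python
import hashlib
import hmac
import struct

PAD_LEN = 40                      # SSL 3.0 pad length for SHA-1 (48 for MD5)
PAD_1 = b"\x36" * PAD_LEN
PAD_2 = b"\x5c" * PAD_LEN
APPLICATION_DATA = 23             # record content type


def ssl3_record_mac(mac_secret, seq_num, content_type, fragment):
    """SSL 3.0 record MAC with SHA-1; seq_num is hashed as a 64-bit value."""
    inner = hashlib.sha1(
        mac_secret + PAD_1
        + struct.pack(">Q", seq_num)
        + struct.pack(">BH", content_type, len(fragment))
        + fragment
    ).digest()
    return hashlib.sha1(mac_secret + PAD_2 + inner).digest()


def protect(mac_secret, data, max_fragment):
    """Sender side: split data into records, one sequence number per record."""
    records = []
    for seq, off in enumerate(range(0, len(data), max_fragment)):
        fragment = data[off:off + max_fragment]
        mac = ssl3_record_mac(mac_secret, seq, APPLICATION_DATA, fragment)
        records.append((fragment, mac))
    return records


def verify(mac_secret, records, advance_sequence=True):
    """Receiver side: recompute each MAC and compare in constant time.

    advance_sequence=False is a constructed fault: the counter stays at 0.
    """
    seq, results = 0, []
    for fragment, mac in records:
        expected = ssl3_record_mac(mac_secret, seq, APPLICATION_DATA, fragment)
        results.append(hmac.compare_digest(expected, mac))
        if advance_sequence:
            seq += 1
    return results


# Constructed sample inputs: a short GET and a POST spanning three records.
SECRET = bytes(range(20))
GET_RECORDS = protect(SECRET, b"GET / HTTP/1.1\r\n\r\n", 64)
POST_RECORDS = protect(SECRET, b"POST /form HTTP/1.1\r\n\r\n" + b"x" * 150, 64)
```

In a real session the counter is not 0 at the first application-data record, since the Finished message already consumed a sequence number; the example starts at 0 only to keep the comparison short.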
