[Mono-devel-list] [PATCH] SslCipherSuite sequence #

Sébastien Pouliot spouliot at videotron.ca
Tue Apr 5 08:35:01 EDT 2005

Hello Brian,

> I've been working on integrating the SslServerStream with XSP and ran
> across what appears to be a bug in the SslCipherSuite class. I'm new
> to the inner workings of SSL, so please forgive any misstatements.

Nice! I'm glad someone took the challenge to SSL enabled XSP :-)
> Once I had the SslServerStream hooked into the XSP server, it wasn't
> working properly...GETs would work, but POST-backs wouldn't. (On
> Firefox & IE)  After much debugging, I think I've found the answer.
> The ComputeClientRecordMAC function that calculated the hash for each
> fragment coming from the client (and comparing it to the hash provided
> by the client)...was using the wrong sequence #.  As I understand it,
> a request is broken into multiple fragments, and a sequence # is
> incremented for each fragment.  Since the wrong sequence # was being
> used, the hashes for requests with more than one fragment were
> invalid.  Since POSTs have more data, they were being broken into
> multiple fragments.

Make sense to me. As you may have guessed the server side code is much 
less tested than the client side - mainly due to the lack of servers
using the code. Hopefully this will change.

> Once I applied this simple patch (attached), XSP worked nicely with
> both browsers in SSL mode.
> Please let me know if this patch can be committed.

If Carlos is also ok on the patch then it will be committed shortly.


Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html

More information about the Mono-devel-list mailing list