[Mono-devel-list] [PATCH] SslCipherSuite sequence #
Sébastien Pouliot
spouliot at videotron.ca
Tue Apr 5 08:35:01 EDT 2005
Hello Brian,
> I've been working on integrating the SslServerStream with XSP and ran
> across what appears to be a bug in the SslCipherSuite class. I'm new
> to the inner workings of SSL, so please forgive any misstatements.
Nice! I'm glad someone took the challenge to SSL-enable XSP :-)
> Once I had the SslServerStream hooked into the XSP server, it wasn't
> working properly...GETs would work, but POST-backs wouldn't. (On
> Firefox & IE) After much debugging, I think I've found the answer.
> The ComputeClientRecordMAC function that calculated the hash for each
> fragment coming from the client (and comparing it to the hash provided
> by the client)...was using the wrong sequence #. As I understand it,
> a request is broken into multiple fragments, and a sequence # is
> incremented for each fragment. Since the wrong sequence # was being
> used, the hashes for requests with more than one fragment were
> invalid. Since POSTs have more data, they were being broken into
> multiple fragments.
Makes sense to me. As you may have guessed, the server-side code is much
less tested than the client side - mainly due to the lack of servers
using the code. Hopefully this will change.
> Once I applied this simple patch (attached), XSP worked nicely with
> both browsers in SSL mode.
>
> Please let me know if this patch can be committed.
If Carlos is also OK with the patch then it will be committed shortly.
Thanks
Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html
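
The failure mode discussed in this message, as an added example that is not part of the original e-mail and is not Mono's code: each record's MAC covers an implicit per-direction sequence number, so a receiver checking with the wrong number accepts the first fragment and rejects the next. It assumes the TLS 1.0 (RFC 2246) HMAC-SHA1 record MAC and models the wrong sequence number as a counter that never advances; the class names, key and fragments are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS record content type
TLS_1_0 = (3, 1)        # protocol version bytes (major, minor)


def record_mac(secret, seq_num, content_type, fragment):
    """TLS 1.0 record MAC: HMAC(seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBBBH", seq_num, content_type, *TLS_1_0, len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()


class Sender:
    """Hypothetical client side: one write sequence number, bumped per record."""
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def send(self, fragment):
        mac = record_mac(self.secret, self.seq, APPLICATION_DATA, fragment)
        self.seq += 1
        return fragment, mac


class Receiver:
    """Hypothetical server side; advance_seq=False models the stale counter."""
    def __init__(self, secret, advance_seq=True):
        self.secret, self.seq, self.advance_seq = secret, 0, advance_seq

    def receive(self, fragment, mac):
        expected = record_mac(self.secret, self.seq, APPLICATION_DATA, fragment)
        ok = hmac.compare_digest(expected, mac)   # constant-time comparison
        if ok and self.advance_seq:
            self.seq += 1
        return ok


def run(advance_seq):
    """Send a two-fragment request and return the per-fragment MAC results."""
    secret = b"\x0b" * 20                          # constructed MAC secret
    sender, receiver = Sender(secret), Receiver(secret, advance_seq)
    fragments = [b"POST /form.aspx HTTP/1.1\r\n", b"field=value"]  # constructed
    return [receiver.receive(*sender.send(f)) for f in fragments]


if __name__ == "__main__":
    print("correct counter:", run(True))
    print("stale counter:  ", run(False))
```

The same sequence number is what makes a replayed record fail verification, so the receiver's counter has to track the sender's exactly, one increment per record.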