OpenSSL behavior for NULL characters

OpenSSL behavior for NULL characters

Anamitra Dutta Majumdar

I am trying to figure out what is the default OpenSSL server side behavior when we send the following command

 

openssl s_client -connect localhost:8089 < /dev/zero 2>&1

 

What is the expected/default behavior of a TLS server?

Should it close the connection, or continue to accept the NULL characters?

 

 

Anamitra Dutta Majumdar

Product Security Architect

Office: 4152663903

Email: [hidden email]

Splunk Inc. San Francisco | Cupertino | London | Hong Kong | Washington D.C. | Seattle | Plano | Singapore | Munich | Tokyo | Shanghai

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: OpenSSL behavior for NULL characters

Salz, Rich

What’s the server on the other side?  If it’s a web server, then \0 characters are generally illegal.  If it’s s_server, then it, too, really wants ASCII lines.



Re: OpenSSL behavior for NULL characters

Anamitra Dutta Majumdar
In reply to this post by Anamitra Dutta Majumdar

It is a home grown HTTPS server.

 

 

Anamitra Dutta Majumdar

Product Security Architect

Office: 4152663903

Email: [hidden email]

Splunk Inc. San Francisco | Cupertino | London | Hong Kong | Washington D.C. | Seattle | Plano | Singapore | Munich | Tokyo | Shanghai

 

 

From: openssl-users <[hidden email]> on behalf of "Salz, Rich" <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Monday, February 13, 2017 at 12:53 PM
To: "[hidden email]" <[hidden email]>
Subject: Re: [openssl-users] OpenSSL behavior for NULL characters

 

What’s the server on the other side?  If it’s a web server, then \0 characters are generally illegal.  If it’s s_server, then it, too, really wants ASCII lines.



Re: OpenSSL behavior for NULL characters

Viktor Dukhovni
In reply to this post by Salz, Rich

> On Feb 13, 2017, at 3:53 PM, Salz, Rich <[hidden email]> wrote:
>
> What’s the server on the other side?  If it’s a web server, then \0 characters are generally illegal.  If it’s s_server, then it, too, really wants ASCII lines.

For binary-clean input use the "-nocommands" option to s_client.
The remaining behaviour is then up to the server, though on EBCDIC
systems, the input is still assumed to be textual and ASCII conversion
will be attempted.  The s_client(1) command is not "stunnel", it is a
diagnostic tool, not a proxy.

--
        Viktor.


Re: OpenSSL behavior for NULL characters

Salz, Rich
In reply to this post by Anamitra Dutta Majumdar
> It is a home grown HTTPS server.

Well, then what does your server do?

To be very very clear:  TLS is a *send the bytes* protocol.  It knows nothing about EBCDIC, ASCII, text, etc.

Re: OpenSSL behavior for NULL characters

Karl Denninger
On 2/13/2017 18:41, Salz, Rich wrote:
>> It is a home grown HTTPS server.
> Well, then what does your server do?
>
> To be very very clear:  TLS is a *send the bytes* protocol.  It knows nothing about EBCDIC, ASCII, text, etc.

To back up what Rich has said I pass a LOT of data, including HTTPS and binary protocols between different machines (which may contain any particular set of bytes in a packet format) using OpenSSL as the encryption method for said transport and I've had no issues whatsoever with whatever I stuff in the pipe coming out the other end unmolested.

Do be aware of the semantics and exceptions (which you must handle -- or else) described in the documentation however -- especially for non-blocking sockets.  Due to the potential for renegotiations and similar, failing to pay attention to those can result in some pretty interesting "surprises".

--
Karl Denninger
[hidden email]
The Market Ticker
[S/MIME encrypted email preferred]
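
An added example, not code from any poster in this thread or from OpenSSL: because TLS hands the client's bytes to the application unchanged, a server fed from /dev/zero has to enforce its own policy on the decrypted stream. The names `head_feed`, `head_buf` and the 8192-byte `MAX_HEAD` cap are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_HEAD 8192  /* assumed cap on request-head size; pick your own */

enum head_status { HEAD_NEED_MORE, HEAD_COMPLETE, HEAD_REJECT_NUL, HEAD_REJECT_TOO_LARGE };

struct head_buf {
    unsigned char data[MAX_HEAD];
    size_t len;
};

/* Feed one chunk of decrypted bytes (for instance what SSL_read() returned).
 * *used is set to how many bytes of the chunk were consumed; on HEAD_COMPLETE
 * the rest of the chunk belongs to the request body. Any REJECT status means
 * the caller should stop reading and close the connection. */
enum head_status head_feed(struct head_buf *h, const unsigned char *chunk,
                           size_t n, size_t *used)
{
    for (size_t i = 0; i < n; i++) {
        *used = i;
        if (chunk[i] == 0x00)
            return HEAD_REJECT_NUL;        /* \0 is not legal in an HTTP head */
        if (h->len == MAX_HEAD)
            return HEAD_REJECT_TOO_LARGE;  /* no terminator within the cap */
        h->data[h->len++] = chunk[i];
        *used = i + 1;
        /* The terminator may straddle two chunks, so test the accumulated buffer. */
        if (h->len >= 4 && memcmp(h->data + h->len - 4, "\r\n\r\n", 4) == 0)
            return HEAD_COMPLETE;
    }
    *used = n;
    return HEAD_NEED_MORE;
}

int main(void)
{
    /* Constructed input: what the server sees after decryption when the
     * client's stdin is /dev/zero. */
    unsigned char zeros[4096] = {0};
    struct head_buf h = { .len = 0 };
    size_t used = 0;
    enum head_status st = head_feed(&h, zeros, sizeof zeros, &used);
    printf("status=%d after %zu bytes\n", (int)st, used);
    return st == HEAD_REJECT_NUL ? 0 : 1;
}
```

The size cap matters as much as the NUL check: a server that only waits for the blank line would otherwise buffer an endless stream that never contains one.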
