On Wednesday 03 February 2016 07:22:05 Hareesh D wrote:
> Can someone please tell me how to verify the fix done for
> CVE-2015-3197. I want to test 1.0.1r version for this issue.
> From the issue description I'm not able to understand what exactly
> client and server doing.
> Please tell me what packet client has to send or else please provide
> me the packet capture of the issue.
> Please help. Thanks !!
I have "published" a reproducer but it is a bit hairy - you will need
development versions of few python modules, but nothing too crazy. You
will also need Python 2.6, 3.2 or later.
The relevant libraries are tlslite-ng, tlsfuzzer and python-ecdsa.
To start, download tlsfuzzer and switch to branch with new code:
Note: In future checking out the development branches will not be
necessary (the lines with `git checkout` can be skipped).
The relevant test to check if SSLv2 is completely disabled and client
can't force a connection is
It will test if the server rejects the SSLv2 style client hello by
either closing the connection or sending an alert and closing a
means that the server is most likely NOT vulnerable.
Any error in form of
Unexpected message from peer: Handshake(43)
(or any other number) and an exit value of non-zero means that the
server IS vulnerable.
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic _______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev