zero pad DHE public key in ServerKeyExchange message for interop
Some versions of the Microsoft TLS stack have problems when the DHE public key is encoded with fewer bytes than the DHE prime. There's some public acknowledgement of the bug at these links: https://connect.microsoft.com/IE/feedback/details/1253526/tls-serverkeyexchange-with-1024-dhe-may-encode-dh-y-as-127-bytes-breaking-internet-explorer-11 https://connect.microsoft.com/IE/feedback/details/1104905/wininet-calculation-of-mac-in-tls-handshake-intermittently-fails-for-dhe-rsa-key-exchange This encoding issue also causes the same errors with 2048-bit DHE, if the public key is encoded in fewer than 256 bytes and includes the TLS stack on Windows Phone 8.x. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1320)
parent
fe0169b0
Please register or sign in to comment