[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] MS12-006 released
From:       Yuhong Bao <yuhongbao_386 () hotmail ! com>
Date:       2012-01-15 4:06:56
Message-ID: SNT125-W42A0F7EBF4BF7B658B6802C3820 () phx ! gbl
[Download RAW message or body]

> On Fri=2C Jan 13=2C 2012 at 10:44 AM=2C Marsh Ray  wrote:
> > I haven't looked at it on the wire=2C but my understanding is that Micr=
osoft's
> > patch is a "one byte record" fix similar to the other implementations.
>
> From looking at packet dumps=2C the SChannel change appears to be
> exactly the same 1/n-1 record splitting as implemented in Chrome 16
> and Firefox 10. http://support.microsoft.com/kb/2643584 describes how
> it's off by default (per a registry setting)=2C but that IE explicitly
> enables it.
But I am particularly thinking of the "incorrect version checking on the pr=
emaster secret" bug.

Yuhong Bao 		 	   		  =

[prev in list] [next in list] [prev in thread] [next in thread]