[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] MS12-006 released
From: Yuhong Bao <yuhongbao_386 () hotmail ! com>
Date: 2012-01-15 4:06:56
Message-ID: SNT125-W42A0F7EBF4BF7B658B6802C3820 () phx ! gbl
[Download RAW message or body]
> On Fri=2C Jan 13=2C 2012 at 10:44 AM=2C Marsh Ray wrote:
> > I haven't looked at it on the wire=2C but my understanding is that Micr=
osoft's
> > patch is a "one byte record" fix similar to the other implementations.
>
> From looking at packet dumps=2C the SChannel change appears to be
> exactly the same 1/n-1 record splitting as implemented in Chrome 16
> and Firefox 10. http://support.microsoft.com/kb/2643584 describes how
> it's off by default (per a registry setting)=2C but that IE explicitly
> enables it.
But I am particularly thinking of the "incorrect version checking on the pr=
emaster secret" bug.
Yuhong Bao =
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic