tlswg / tls13-spec

TLS 1.3 Specification

Mention hybrid key exchange for split TLS ClientHello #1340

Closed loganaden closed 5 months ago

loganaden commented 6 months ago

Would it be worth mentioning this specific case https://tldr.fail/, where TLS ClientHello processing is not implemented correctly?

davidben commented 6 months ago

The case in that website is not what the bullet point is talking about. The bullet point is talking about a single TLS ClientHello spread over multiple TLS records. That's about issues like CVE-2014-3511.

The common problem with hybrids is when a single-record ClientHello does not fit in a TCP packet.
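The two cases distinguished in the comment above, as an added example that is not part of the original thread or of any TLS library: a reader that assumes one `recv()` yields one complete ClientHello, beside one that reassembles across both TCP segments and TLS records. `ChunkedStream`, the function names, the 1400-byte split and the `max_len` limit are assumptions made for illustration, and the ClientHello body is constructed filler.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1      # record content type, handshake msg type
BODY = bytes(range(256)) * 7         # constructed 1792-byte ClientHello body
HELLO = bytes([CLIENT_HELLO]) + len(BODY).to_bytes(3, "big") + BODY

class ChunkedStream:
    """Stand-in for a TCP socket: recv() hands back data one segment at a time."""
    def __init__(self, segments):
        self.segments = list(segments)
    def recv(self, n):
        if not self.segments:
            return b""
        seg = self.segments.pop(0)
        if len(seg) > n:
            self.segments.insert(0, seg[n:])
        return seg[:n]

def record(payload):
    """Wrap payload in a TLS record header: type, legacy version, length."""
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(payload)) + payload

def read_exact(stream, n):
    """Loop until n bytes arrive; one recv() may return only part of a record."""
    buf = b""
    while len(buf) < n:
        chunk = stream.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed mid-record")
        buf += chunk
    return buf

def fragile_read_client_hello(stream):
    """Buggy: assumes one recv() == one whole record == one whole ClientHello."""
    data = stream.recv(16384)
    length = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("short read treated as malformed ClientHello")
    return body[4:]                  # silently truncated if split over records

def robust_read_client_hello(stream, max_len=65536):
    """Reassemble across TCP segments (read_exact) and across TLS records."""
    msg = b""
    while len(msg) < 4 or len(msg) < 4 + int.from_bytes(msg[1:4], "big"):
        ctype, _ver, length = struct.unpack("!BHH", read_exact(stream, 5))
        if ctype != HANDSHAKE or length == 0 or length > 16384:
            raise ValueError("unexpected record")
        msg += read_exact(stream, length)
        if len(msg) > max_len:       # assumed cap to bound buffering
            raise ValueError("handshake message too large")
    if msg[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    return msg[4:4 + int.from_bytes(msg[1:4], "big")]
```

Feeding `record(HELLO)` as two segments exercises the single-record, multi-packet case; feeding `record(HELLO[:1000]) + record(HELLO[1000:])` exercises the multi-record case.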

loganaden commented 6 months ago

Thanks for pointing this out. I will change the PR to have a dedicated line for the tldr issue. Is that OK, @davidben?

ekr commented 5 months ago

This just seems like a basic failure of how the TLS stack interacts with the TCP layer. I'm not sure we need to mention it.

loganaden commented 5 months ago

Understood, @ekr. I'm closing it.