Wireshark-dev: Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshake messages (Was: Cat
From: Sake Blok <[email protected]>
Date: Sat, 14 Apr 2007 20:20:05 +0200
On Sat, Apr 14, 2007 at 10:58:18AM -0700, Stephen Fisher wrote:
> On Sat, Apr 14, 2007 at 02:35:31PM +0200, Sake Blok wrote:
> > Although I'm still interested in a theoretical answer to the problem 
> > of keeping state info on a per packet basis (see below), here is a 
> > workaround for the bug.
> Would this be better fixed using per-packet state information?

Uhmm... well, with this workaround there is still a (very slim)
chance that the first 4 octets of an encrypted handshake message 
look like an unencrypted handshake message.

I guess the simpleness of this workaround has it's advantages over
trying to solve it through per-packet state recording. My suggestion
will be to use this patch for now and I will look into solving it
with state information.

I guess it's a trade-off between being practical and being exact :)