AnsweredAssumed Answered

Why setting the ClientHello.Random to all-zero?

Question asked by Guang Yao on Sep 22, 2015
Latest reply on Sep 22, 2015 by Guang Yao



We found in SSL server test, the ClientHello.Random is set to all-zero. Using all-zero ClientHello.Random is a known feature of sslsqueeze(sslsqueeze/sslsqueeze.c at master · mmgaggle/sslsqueeze · GitHub), a famous SSL attacking tool. Thus, our server filters ClientHello whose random is all-zero. Unfortunately, the SSL server test says our server doesn't support HTTPS.

So, would you please use a real random "ClientHello.Random" in the test?


Best regards,