Also, Eric did go to considerable lengths
to ensure that everyone was aware of his
DHE_DSS support before it became part of
the mainstream SSLeay release around April,
and test against it. (With TLS support,
this was a critical issue since TLS made
DHE_DSS mandatory.)
Point being: right now, we may be better
advised to accept Eric's interpretation
than to do anything else, even if there
are other defensible interpretations of
the spec(s). It's that widely deployed.
- Dave
Jeff Nisewanger wrote:
>
> > Exception while reading/writing data Server key,
> > java.security.SignatureException: invalid encoding for signature
> > javax.net.ssl.SSLException: Server key, java.security.SignatureException: invalid encoding for signature
> > at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:157)
> > at sun.security.ssl.Handshaker.process_record(Compiled Code)
> > at sun.security.ssl.SSLSocketImpl.clearPipeline(Compiled Code)
> > at sun.security.ssl.SSLSocketImpl.write(Compiled Code)
> > at sun.security.ssl.AppOutputStream.write(Compiled Code)
> > at DH.<init>(Compiled Code)
> > at DH.main(DH.java:77)
>
> Sigh. This may be a bug in our handling of the signature element
> in the Server Key Exchange message in SSL_DHE_DSS_* cipher suites.
> Apparently we are not encoding/decoding the 16-bit length header before
> the signature bits correctly.
>
> > I'd be happy to mail the secserver file and certs if anyone is interested.
>
> Sure. Please send these to me directly.
>
>
>
> Jeff
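
The length-header issue Jeff describes, as an added example that is not part of the original thread or of any implementation named in it: a parser for a DHE_DSS Server Key Exchange body that shows how a signature sent without its 16-bit length header fails to decode. It assumes the TLS 1.0 (RFC 2246) layout, where the signature is a length-prefixed vector holding a DER-encoded `SEQUENCE { r, s }`; all function names are hypothetical and the byte strings are constructed toy values.

```python
import struct

class SKEError(ValueError):
    """Raised when a ServerKeyExchange body does not parse."""

def read_vec16(buf, off, name):
    """Read opaque<0..2^16-1>: 16-bit big-endian length header, then body."""
    if off + 2 > len(buf):
        raise SKEError(f"{name}: truncated length header")
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise SKEError(f"{name}: length {n} overruns message")
    return buf[off + 2:off + 2 + n], off + 2 + n

def read_der_int(buf, off):
    """Read one non-negative DER INTEGER with a short-form length."""
    if off + 2 > len(buf) or buf[off] != 0x02 or buf[off + 1] >= 0x80:
        raise SKEError("signature: bad INTEGER header")
    end = off + 2 + buf[off + 1]
    if end > len(buf) or end == off + 2 or buf[off + 2] & 0x80:
        raise SKEError("signature: bad INTEGER body")
    return int.from_bytes(buf[off + 2:end], "big"), end

def parse_dhe_dss_ske(body):
    """Parse dh_p, dh_g, dh_Ys and the length-prefixed DSS signature."""
    out, off = {}, 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        out[name], off = read_vec16(body, off, name)
    sig, off = read_vec16(body, off, "signature")
    if off != len(body):
        raise SKEError("trailing bytes after signature")
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise SKEError("signature: not a DER SEQUENCE")
    out["r"], pos = read_der_int(sig, 2)
    out["s"], pos = read_der_int(sig, pos)
    if pos != len(sig):
        raise SKEError("signature: trailing bytes in SEQUENCE")
    return out

def vec16(b):
    """Encode a vector with its 16-bit length header."""
    return struct.pack(">H", len(b)) + b

# Constructed sample values (toy sizes, not real keys or a captured handshake).
R, S = b"\x11" * 20, b"\x22" * 20
DER_SIG = b"\x30\x2c\x02\x14" + R + b"\x02\x14" + S
PARAMS = vec16(b"\x00\xc7") + vec16(b"\x02") + vec16(b"\x00\x5b")
WITH_HEADER = PARAMS + vec16(DER_SIG)  # signature carries its length header
NO_HEADER = PARAMS + DER_SIG           # sender omitted the length header
```

With `NO_HEADER`, the DER bytes `30 2c` are consumed as a length of 12332, so the peer rejects the message before any signature math runs, which is the kind of encoding failure the stack trace reports.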