[1794] in WWW Security List Archive
SSL compatibility
daemon@ATHENA.MIT.EDU (John Hemming - CEO MarketNet)
Mon Apr 8 16:40:13 1996
From: "John Hemming - CEO MarketNet" <johnhemming@mkn.co.uk>
Date: Mon, 08 Apr 1996 17:37:44 PM PDT
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I have just noticed an interesting difference between the implementations
of SSL servers by Netscape and myself and others. Netscape and I
when parseing the masterkey following the RSA mod mult calculations
identify the masterkey by an offset of the resultant number. This
should be preceeded by a hex 0x0. Others look for the first 0x0 in the
resultant number and identify the masterkey after that (or the chunk that
is sent encrypted at least).
This did cause an error when my browser hit a server using the other
scheme. My browser worked with Netscape servers and my own
server. I have fixed the error and a modified version of the browser is now
available at ftp://193.119.26.70/mktnet/pub/horse.zip
Anyone else implementing SSL links should be aware of this.
