Hi,
I am using bro 0.9 release on my network box. It is behaving weirdly with SSLv2 packets. Whenever an SSLv2 packet comes, its giving the error "SSLv2: FATAL: recordLength doesn't match data block length!"
On further checking I figured out that data is getting overwritten in the function SSL_ConnectionProxy::NewSSLRecord.
So I replaced the initialization of sslpeo and sslper with
sslpeo = (SSL_ProxyEndpoint*) orig->contents_processor;
sslper = (SSL_ProxyEndpoint*) resp->contents_processor;
as in SSLv1.1 release. So now the error is fixed, but its crashing when SSLv2 SERVER HELLO packet is coming. Its crashing when ((SSLv2_Endpoint*) s)->isDataPending() is getting called. Is there any fix for this?
Can someone help me out?
I am waiting with my fingers crossed.
Thanks in advance,
Bindiya