projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ec7b16d) | patch
Disable encrypt_then_mac negotiation for DTLS.
authorDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 12 Oct 2016 22:10:37 +0000 (23:10 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 20 Oct 2016 08:59:41 +0000 (09:59 +0100)
commit8afb9742aedc07e26f9930c1f859f8c0f204e77f
treebcc3d1f64f6d543df682733c22f7494501231544tree | snapshot
parentec7b16ddbb020b2f49ff7394901cd2b2bed5234bcommit | diff
Disable encrypt_then_mac negotiation for DTLS.

I use the word 'negotiation' advisedly. Because that's all we were doing.
We negotiated it, set the TLS1_FLAGS_ENCRYPT_THEN_MAC flag in our data
structure, and then utterly ignored it in both dtls_process_record()
and do_dtls1_write().

Turn it off for 1.1.0; we'll fix it for 1.1.1 and by the time that's
released, hopefully 1.1.0b will be ancient history.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.