projects
/
oweals
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
b4b15f6
)
no need for empty fragments with TLS 1.1 and later due to explicit IV
author
Dr. Stephen Henson
<steve@openssl.org>
Sun, 27 Jun 2010 14:42:43 +0000
(14:42 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Sun, 27 Jun 2010 14:42:43 +0000
(14:42 +0000)
ssl/t1_enc.c
patch
|
blob
|
history
diff --git
a/ssl/t1_enc.c
b/ssl/t1_enc.c
index b5c3179c48b4d6fa50cab3b40c7ecba26a4f2c55..5446bb250dd66308d36f8ae2f3e19b1ed00b7fb8 100644
(file)
--- a/
ssl/t1_enc.c
+++ b/
ssl/t1_enc.c
@@
-607,7
+607,8
@@
printf("\nkey block\n");
{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
#endif
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+ && s->method->version <= TLS1_VERSION)
{
/* enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)