From 9674de7d3d09a0280961de5648a44ef9b029d64b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 27 Jun 2010 14:43:03 +0000 Subject: [PATCH] no need for empty fragments with TLS 1.1 and later due to explicit IV --- ssl/t1_enc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b5c3179c48..5446bb250d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -607,7 +607,8 @@ printf("\nkey block\n"); { int z; for (z=0; zoptions & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + && s->method->version <= TLS1_VERSION) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) -- 2.25.1