Experimental encrypt-then-mac support.

Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
2013-03-22 17:12:33 +00:00
parent 226751ae4a
commit 5e3ff62c34
13 changed files with 113 additions and 13 deletions
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1023,6 +1023,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 		extname = "next protocol";
 		break;
 #endif
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+		case TLSEXT_TYPE_encrypt_then_mac:
+		extname = "encrypt-then-mac";
+		break;
+#endif

 		default:
 		extname = "unknown";