generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Option to disable padding extension.

Browse Source 
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
(cherry picked from commit 758415b2259fa45d3fe17d8e53ae1341b7b6e482)

Conflicts:

	ssl/t1_lib.c
This commit is contained in:
Dr. Stephen Henson
2014-06-01 16:08:18 +01:00
parent 08b172b975
commit 623a01df49
3 changed files with 29 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ssl/SSL_CTX_set_options.pod
View File

@@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some
broken SSL implementations. This option has no effect for connections
using other ciphers.
=item SSL_OP_TLSEXT_PADDING
Adds a padding extension to ensure the ClientHello size is never between
256 and 511 bytes in length. This is needed as a workaround for some
implementations.
=item SSL_OP_ALL
All of the above bug workarounds.