diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-11-06 20:45:12 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-11-06 20:49:47 +0000 |
| commit | 0467ea68624450ecece4cde0d5803499aaff19c2 (patch) | |
| tree | 1b14b6d36894ff113f56f165a0ec1f61e1afc1a6 /CHANGES | |
| parent | e0ffd129c16af90eb5e2ce54e57832c0046d1aaf (diff) | |
| download | openssl-0467ea68624450ecece4cde0d5803499aaff19c2.zip openssl-0467ea68624450ecece4cde0d5803499aaff19c2.tar.gz openssl-0467ea68624450ecece4cde0d5803499aaff19c2.tar.bz2 | |
Experimental workaround TLS filler (WTF) extension.
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
if the TLS Client Hello record length value would otherwise be > 255 and less
that 512 pad with a dummy extension containing zeroes so it is at least 512.
To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242
WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -4,6 +4,19 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Experimental workaround TLS filler (WTF) extension. Based on a suggested + workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client + Hello record length value would otherwise be > 255 and less that 512 + pad with a dummy extension containing zeroes so it is at least 512 bytes + long. + + To enable it use an unused extension number (for example 0x4242) using + e.g. -DTLSEXT_TYPE_wtf=0x4242 + + WARNING: EXPERIMENTAL, SUBJECT TO CHANGE. + + [Steve Henson] + *) Experimental encrypt-then-mac support. Experimental support for encrypt then mac from |