SSL_OP_ALL is supposed to be all options and workarounds that are safe,
author tedu <tedu@openbsd.org>
Mon, 28 Apr 2014 20:05:21 +0000 (20:05 +0000)
committer tedu <tedu@openbsd.org>
Mon, 28 Apr 2014 20:05:21 +0000 (20:05 +0000)
commit f4a3c3a2cfea2e8bf856a32eb0b175947306fe80
tree 508616d4352a1e387fb2fc45a3573733727ac847
parent cea2ef1c7896e72a5a5d3533c0eafd6a530bf57e
SSL_OP_ALL is supposed to be all options and workarounds that are safe,
but disabling attack mitigations is not safe. 0.9.6d contained a
workaround for an attack against CBC modes. 0.9.6e disabled it by default
because "some" implementations couldn't handle empty fragments. 12 years
have passed. Does anybody still care? Let's find out.
ok miod
lib/libssl/src/ssl/ssl.h
lib/libssl/ssl.h