diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-13 14:41:32 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-12-13 15:29:26 +0000 |
| commit | 8c6d8c2a498146992123ef5407d7ba01a1e7224d (patch) | |
| tree | da164e7b7c96df04f3969b2d4c428bae19d24d1c /CHANGES | |
| parent | 53a8f8c26d43b2fb1a0a4a6d2b12c27abf97ea77 (diff) | |
Backport TLS padding extension from master.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -4,6 +4,25 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] + *) TLS pad extension: draft-agl-tls-padding-02 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + To enable it use an unused extension number (for example chrome uses + 35655) using: + + e.g. -DTLSEXT_TYPE_padding=35655 + + Since the extension is ignored the actual number doesn't matter as long + as it doesn't clash with any existing extension. + + This will be updated when the extension gets an official number. + + [Adam Langley, Steve Henson] + *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, MGF1 digest and OAEP label. [Steve Henson] |