author Emilia Kasper <emilia@openssl.org> 2016-11-25 17:05:30 +0100
committer Emilia Kasper <emilia@openssl.org> 2016-11-28 12:23:36 +0100
commit b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516 (patch)
tree 973e55ed7f1d45984268280f46f3da3e65caf5d1 /doc
parent c6d67f09f34d8203c5bad7171ed45ec8771c9764 (diff)
Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/SSL_CONF_cmd.pod 4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 60b80d39ee..754fe0e5ca 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -353,6 +353,10 @@ B<UnsafeLegacyServerConnect> permits the use of unsafe legacy renegotiation
for OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>.
Set by default.
+B<EncryptThenMac>: use encrypt-then-mac extension, enabled by
+default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
+B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
+
=item B<VerifyMode>
The B<value> argument is a comma separated list of flags to set.
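Review bot: the added B<EncryptThenMac> paragraph does not say what is negotiated when the option is switched off, nor whether it applies to clients, servers or both, whereas the B<UnsafeLegacyServerConnect> entry directly above it spells out "for OpenSSL clients only". Going by the commit message, B<-EncryptThenMac> is what puts a handshake on the mac-then-encrypt path that the new test exercises, so I would add a sentence stating that disabling it falls back to mac-then-encrypt and naming the side(s) it affects, so readers can judge the setting without reading the source. The commit message could also mention that the B<EncryptThenMac> option is documented here, since the subject line only speaks of a test.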