Experimental encrypt-then-mac support.

Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
author: Dr. Stephen Henson <steve@openssl.org> 2013-03-22 17:12:33 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-09-08 13:14:03 +0100
commit: 5e3ff62c345c976cd1ffbcc5e6042f55264977f5 (patch)
tree: 16c9ffcc2468e21f5ee445e440c835857ed94c81 /ssl/ssl3.h
parent: 226751ae4a1f3e00021c43399d7bb51a99c22c17 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 0ae97b4206..5fd02791fa 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -422,6 +422,8 @@ typedef struct ssl3_buffer_st
  * effected, but we can't prevent that.
  */
 #define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+#define TLS1_FLAGS_ENCRYPT_THEN_MAC		0x0080
 
 #ifndef OPENSSL_NO_SSL_INTERN
author	Dr. Stephen Henson <steve@openssl.org>	2013-03-22 17:12:33 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-09-08 13:14:03 +0100
commit	5e3ff62c345c976cd1ffbcc5e6042f55264977f5 (patch)
tree	16c9ffcc2468e21f5ee445e440c835857ed94c81 /ssl/ssl3.h
parent	226751ae4a1f3e00021c43399d7bb51a99c22c17 (diff)