diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-06-27 14:43:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-06-27 14:43:03 +0000 |
commit | 9674de7d3d09a0280961de5648a44ef9b029d64b (patch) | |
tree | adea1949ddb1c6f11aadbb9af5d8ea3fa3daf13c /ssl | |
parent | a7c64928c83598b4807abd45e12d7544574ef09a (diff) |
no need for empty fragments with TLS 1.1 and later due to explicit IV
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_enc.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b5c3179c48..5446bb250d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -607,7 +607,8 @@ printf("\nkey block\n"); { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } #endif - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + && s->method->version <= TLS1_VERSION) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) |