diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-11-25 17:05:30 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-10-05 09:29:28 +0200 |
commit | c5e8bd1d8aa9dafdb515b6c055f1ac95c12f138d (patch) | |
tree | 12b0a5f55eadf43c4868cd090f073b312da86317 /ssl | |
parent | 619c589bdb2fc52e4f180db548222e2b7ab169d8 (diff) |
Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_conf.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 88e4103820..8b7c6fe9c7 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -357,6 +357,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), + SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), }; if (value == NULL) return -3; |