author Kurt Roeckx <kurt@roeckx.be> 2018-05-15 19:01:41 +0200
committer Kurt Roeckx <kurt@roeckx.be> 2018-05-22 22:45:28 +0200
commit 693cf80c6ff54ae276a44d305d4ad07168ec6895 (patch)
tree bed0784d42fe6d1544cbe3c1ebf1abe56eb65cf1 /ssl
parent 1aac20f5095fca8691ef4495c3e7438c935a33dc (diff)
Enable SSL_MODE_AUTO_RETRY by default
Because TLS 1.3 sends more non-application data records, some clients run into problems because they don't expect SSL_read() to return and set SSL_ERROR_WANT_READ after processing it.

This can cause problems for clients that use blocking I/O and use select() to see if data is available.

It can be cleared using SSL_CTX_clear_mode().

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #6260
Diffstat (limited to 'ssl')
-rw-r--r-- ssl/ssl_lib.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1dd355d0da..22f729c284 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2896,6 +2896,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->method = meth;
ret->min_proto_version = 0;
ret->max_proto_version = 0;
+ ret->mode = SSL_MODE_AUTO_RETRY;
ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
/* We take the system default. */
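Review bot: the added line "ret->mode = SSL_MODE_AUTO_RETRY;" in SSL_CTX_new() has no comment, although it changes a default that every context created through this function inherits. A short comment saying that the mode is on by default because of the extra TLS 1.3 non-application data records, and that callers opt out with SSL_CTX_clear_mode(), would keep the reasoning next to the code. The diffstat shown here is limited to ssl/, so it is not visible whether the public documentation for the mode and the changelog state the new default; if they do not, they should, and they should call out the blocking I/O plus select() case from the commit message, since with auto retry a blocking SSL_read() keeps reading until an application data record has been processed.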