diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-03 11:21:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-16 09:39:05 +0000 |
commit | 9c5a691d578a4debfd6ecacc030a85900906bf0d (patch) | |
tree | 5f87c146078aa84fb1cc8d41c4410093062447f9 /test/ssl_test_ctx.h | |
parent | 3bdc1dc8fcc97a8945ddbc2748e7059207ea3914 (diff) |
Provide a test for the Encrypt-Then-Mac renegotiation crash
Changing the ciphersuite during a renegotiation can result in a crash
leading to a DoS attack. ETM has not been implemented in 1.1.0 for DTLS
so this is TLS only.
This commit provides a test for the issue.
CVE-2017-3733
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test/ssl_test_ctx.h')
-rw-r--r-- | test/ssl_test_ctx.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 995d518ed3..28a4566716 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -84,6 +84,8 @@ typedef struct { char *npn_protocols; char *alpn_protocols; ssl_ct_validation_t ct_validation; + /* Ciphersuites to set on a renegotiation */ + char *reneg_ciphers; } SSL_TEST_CLIENT_CONF; typedef struct { |