-rw-r--r--CHANGES.md8
-rw-r--r--ssl/record/methods/ktls_meth.c3
2 files changed, 9 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md
index f0ecb25483..a55a6c47aa 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -223,6 +223,14 @@ OpenSSL 3.2
*Hugo Landau*
+ * Enable KTLS with the TLS 1.3 CCM mode ciphersuites. Note that some linux
+ kernel versions that support KTLS have a known bug in CCM processing. That
+ has been fixed in stable releases starting from 5.4.164, 5.10.84, 5.15.7,
+ and all releases since 5.16. KTLS with CCM ciphersuites should be only used
+ on these releases.
+
+ *Tianjia Zhang*
+
OpenSSL 3.0
-----------
diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index 1fd83c94f2..5c94837dc0 100644
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -147,8 +147,7 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
*/
# ifdef OPENSSL_KTLS_AES_CCM_128
if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
- if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */
- || taglen != EVP_CCM_TLS_TAG_LEN)
+ if (taglen != EVP_CCM_TLS_TAG_LEN)
return 0;
return 1;
} else
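Review bot: With the `rl->version == TLS_1_3_VERSION` test removed, the AES-128-CCM branch no longer records or enforces the kernel constraint that the CHANGES.md entry describes, leaving the build-time `OPENSSL_KTLS_AES_CCM_128` macro as the only guard visible here. That macro presumably reflects the headers present at build time rather than the kernel the process runs on, so a binary could end up offloading TLS 1.3 CCM records to a kernel that still has the CCM processing bug. At minimum keep the caveat next to the check, e.g. `/* TLS 1.3 CCM: fixed in stable kernels from 5.4.164, 5.10.84, 5.15.7 and in 5.16+; not verified at run time */` above the `taglen` test. A run-time kernel-version check before `return 1;` would be the stronger fix, if the record layer has a place to do one. `ktls_int_check_supported_cipher` starts and continues outside this hunk.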