Diffstat (limited to 'doc/man3/EVP_PKEY_CTX_ctrl.pod')
-rw-r--r-- | doc/man3/EVP_PKEY_CTX_ctrl.pod | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index edbcb0dce8..21ae20adb0 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -396,11 +396,12 @@ negotiated protocol version. Otherwise it should be left unset. Similarly to the B<RSA_PKCS1_WITH_TLS_PADDING> above, since OpenSSL version 3.2.0, the use of B<RSA_PKCS1_PADDING> will return a randomly generated message instead of padding errors in case padding checks fail. Applications that -want to remain secure while using earlier versions of OpenSSL, still need to +want to remain secure while using earlier versions of OpenSSL, or a provider +that doesn't implement the implicit rejection mechanism, still need to handle both the error code from the RSA decryption operation and the returned message in a side channel secure manner. This protection against Bleichenbacher attacks can be disabled by setting -the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0. +B<OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION> (an unsigned integer) to 0. =head2 DSA parameters |
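Review bot: the added clause "or a provider that doesn't implement the implicit rejection mechanism" gives the reader no way to tell whether the provider in use falls into that category, so an application author cannot act on the warning. Consider adding a pointer to where a provider's support for implicit rejection is documented or how it can be checked. In the last changed line, it would also help to say that setting B<OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION> to 0 puts the caller back in the situation the previous sentence describes, where both the error code and the returned message must be handled in a side channel secure manner. As a style point, "doesn't" could be written "does not" to match the formal wording of the surrounding text.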