From 693cf80c6ff54ae276a44d305d4ad07168ec6895 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx
Date: Tue, 15 May 2018 19:01:41 +0200
Subject: Enable SSL_MODE_AUTO_RETRY by default
Because TLS 1.3 sends more non-application data records some clients run into problems because they don't expect SSL_read() to return and set SSL_ERROR_WANT_READ after processing it. This can cause problems for clients that use blocking I/O and use select() to see if data is available. It can be cleared using SSL_CTX_clear_mode().
Reviewed-by: Matt Caswell
GH: #6260
---
 apps/s_server.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'apps/s_server.c')
diff --git a/apps/s_server.c b/apps/s_server.c
index 6180617258..b0d38e4849 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1753,6 +1753,9 @@ int s_server_main(int argc, char *argv[])
 ERR_print_errors(bio_err);
 goto end;
 }
+
+ SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
 if (sdebug)
 ssl_ctx_security_debug(ctx, sdebug);
-- cgit v1.2.3
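Review bot: The added `SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);` in s_server_main carries no comment saying why this tool opts out of the default that the commit title says is being enabled. Someone who copies s_server as a template could take the opt-out for a recommended setting. A short comment above the call would record the intent, for example `/* s_server handles SSL_ERROR_WANT_READ in its own I/O loop, so opt out of the SSL_MODE_AUTO_RETRY default */`. That wording assumes the read loop does handle it, which needs confirming because the loop is not in this hunk. With the mode cleared, the commit message implies SSL_read() can return SSL_ERROR_WANT_READ after TLS 1.3 non-application records, so every read path created from this ctx has to treat that as a retry and not as a failure. s_server_main starts and ends outside the hunk.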