[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Jeffrey Walton noloader at gmail.com
Fri Dec 11 18:30:59 UTC 2015


> 3. The compiler wasn't written by a fanatic who put
>   the "right shift of negative signed values is
>   undefined" rule above common sense.
>
> This is only implementation-defined behavior, not undefined behavior.  It is
> not permitted to crash the system or launch the missiles.  (n1256.pdf 6.5.7
> paragraph 5.)

The potential problem with implementation defined is its not
guaranteed to produce consistent results. Different compilers or
different versions of the same compiler may arrive at different
results.

In this light, the crash might be welcomed to make it easy to find the
trouble spot :)


More information about the openssl-users mailing list