[openssl-commits] Passed: openssl/openssl#3798 (OpenSSL_1_0_2-stable - b8943a5)

Travis CI builds at travis-ci.org
Mon May 9 20:14:29 UTC 2016


Build Update for openssl/openssl
-------------------------------------

Build: #3798
Status: Passed

Duration: 24 minutes and 43 seconds
Commit: b8943a5 (OpenSSL_1_0_2-stable)
Author: David Benjamin
Message: Don't send signature algorithms when client_version is below TLS 1.2.

Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223

RT#4390

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
(cherry picked from commit f7aa318552c4ef62d902c480b59bd7c4513c0009)

Conflicts:
	ssl/ssl_locl.h

View the changeset: https://github.com/openssl/openssl/compare/d516d7a94098...b8943a511b58

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/128906238

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20160509/dd238f35/attachment-0001.html>


More information about the openssl-commits mailing list