[openssl-dev] [openssl.org #3657] OpenSSL 1.0.1k DTLS handshake no longer works

Matt Caswell via RT rt at openssl.org
Tue Jan 27 14:48:25 UTC 2015


On Thu Jan 15 17:21:35 2015, matt wrote:
> In response to your previous documentation question it is (unfortunately)
> undocumented. :-(
> The best I can offer you is the source code:
>
> int read_ahead; /* Read as many input bytes as possible
>                  * (for non-blocking reads) */
>
> With regards to your second point, I consider it a bug that this is not the
> default for DTLS. Unfortunately that bug has remained dormant until the fix for
> CVE-2014-0206 exposed it.
>
> I'm keeping this ticket open, until we have a proper fix. For now though the
> workaround is to use the SSL_CTX_set_read_ahead function directly.

A slight correction to the notes above. The reference should be to
CVE-2014-3571 (not CVE-2014-0206 as stated).

I have now committed the fix for this problem. See commit 8dd4ad0ff in master
(for 1.0.1 see 1895583). This fix makes read_ahead the default for DTLS...and
in fact you can't turn it off now for DTLS either (calls to the read_ahead
functions are ignored).

I've also added some documentation for the read_ahead functions in commit
85074745. These are now irrelevant for DTLS (since you can't turn read_ahead
off), but still relevant for TLS.

Closing this ticket.

Matt


