[openssl-dev] DTLS_BAD_VER regression fixes for 1.0.2 and HEAD
David Woodhouse
dwmw2 at infradead.org
Tue Mar 3 15:20:50 UTC 2015
On Tue, 2015-03-03 at 16:03 +0100, Nikos Mavrogiannopoulos wrote:
>
> I don't know whether you'd like to depend on gnutls for testing, but I
> have a test of most ciphersuites [0] in common under various protocols
> between openssl and gnutls. That currently doesn't cope with DTLS0.9
> (gnutls' name of DTLS_BAD_VER), but could easily extend to handle it.
I did think of it, but wasn't going to suggest that I use GnuTLS purely
for testing OpenSSL's DTLS1_BAD_VER support.
But the script that you have to do systematic interop between OpenSSL
and GnuTLS looks like it could be useful for *both* projects. If that's
something that the OpenSSL team think could be added to pre-release
testing, then adding the Cisco DTLS there would certainly be helpful.
I'd then be less worried about *purely* fixing up
DTLSv0_9_server_method() and testing that in the OpenSSL internal tests.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150303/0b869498/attachment.bin>
More information about the openssl-dev
mailing list