[openssl-dev] [openssl.org #4213] Error defining ciphersuite 0x0300ff87
Dmitry Belyavsky via RT
rt at openssl.org
Sat Jan 2 11:15:00 UTC 2016
Hello,
I've found I made a typo introducing the GOST ciphersuite 0x0300ff87.
It's a ciphersuite with NULL encryption and so it is rarely used, that's
why I did not catch this mistake during the testing.
This specification requires using the "stream MAC" mode for this
ciphersuite. The patch is attached.
Thank you!
--
SY, Dmitry Belyavsky
-------------- next part --------------
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e3e4fd3..50dbbc5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3284,7 +3284,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST12_256,
SSL_TLSV1,
SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
0},
#endif
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list