[openssl-dev] DTLS encrypt-then-mac
David Woodhouse
dwmw2 at infradead.org
Fri Oct 14 00:27:05 UTC 2016
On Thu, 2016-10-13 at 23:48 +0100, Matt Caswell wrote:
>
> > Any dissenting opinions?
>
> Not from me. It's broken. Lets fix it.
Thanks. https://github.com/openssl/openssl/pull/1705 updated accordingly.
With that fixed, I think https://github.com/openssl/openssl/pull/1666
is now ready to be merged too (it contains the fixes from #1705, which
it depends on).
The only bit I wasn't sure about in #1666 was the addition of the DTLS
cipher tests to ssl_test_old — which is redundant now I've written a
completely new test to do an MTU torture test on every cipher suite
(both with an without EtM, for CBC suites). So I took it out.
But I've submitted that part separately anyway, since part of it might
be useful — in order for the test recipe to *get* the list of DTLS
ciphersuites, I had to make 'openssl ciphers DTLSv1' work. Which might
be worth keeping, although it wants careful review:
https://github.com/openssl/openssl/pull/1710
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20161014/4a66dc87/attachment.bin>
More information about the openssl-dev
mailing list