[openssl-users] [openssl-dev] OpenSSL version 1.0.2n published

Viktor Dukhovni openssl-users at dukhovni.org
Thu Dec 7 18:40:44 UTC 2017

> On Dec 7, 2017, at 8:55 AM, OpenSSL <openssl at openssl.org> wrote:
>   OpenSSL - The Open Source toolkit for SSL/TLS
>   https://www.openssl.org/
>   The OpenSSL project team is pleased to announce the release of
>   version 1.0.2n of our open source toolkit for SSL/TLS. For details
>   of changes and known issues see the release notes at:
>        https://www.openssl.org/news/openssl-1.0.2-notes.html

It is perhaps useful to expand on one sentence in the CHANGE log:

 Changes between 1.0.2m and 1.0.2n [7 Dec 2017]

  *) Read/write after SSL object in error state

     OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
     mechanism. The intent was that if a fatal error occurred during a handshake
     then OpenSSL would move into the error state and would immediately fail if
     you attempted to continue the handshake. This works as designed for the
     explicit handshake functions (SSL_do_handshake(), SSL_accept() and
     SSL_connect()), however due to a bug it does not work correctly if
     SSL_read() or SSL_write() is called directly. ...

What "directly" means at the end of the quoted text is "directly, without
first performing an explicit handshake".  In that case the handshake is
an implicit side-effect of the first read or write call, and it was in
that case that the "error state" mechanism did not behave as intended.


More information about the openssl-users mailing list