diff options
author | Jack Lloyd <[email protected]> | 2016-04-15 02:09:45 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-04-15 02:09:45 -0400 |
commit | 6315841fca399cf9bdc62b324fdfe0e23b9afbe9 (patch) | |
tree | 30aada06ff2169efe442c39ccd48e644dcfb2364 /doc | |
parent | 0b06b4f61b497c7ad9869441f12ee287b65cde36 (diff) |
Don't reject TLS packets with zero plaintext bytes
OpenSSL sends an empty record before each new data record in TLS v1.0
to randomize the IV, as a countermeasure to the BEAST attack. Most
implementations use 1/(n-1) splitting for this instead.
Bug introduced with the const time changes in 1.11.23
Diffstat (limited to 'doc')
-rw-r--r-- | doc/news.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/news.rst b/doc/news.rst index 7a5b3b115..b1a04302a 100644 --- a/doc/news.rst +++ b/doc/news.rst @@ -4,6 +4,11 @@ Release Notes Version 1.11.30, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* In 1.11.23 a bug was introduced such that CBC-encrypted TLS packets + containing no plaintext bytes at all were incorrectly rejected with + a MAC failure. Records like this are used by OpenSSL in TLS 1.0 + connections in order to randomize the IV. + * Add IETF versions of the ChaCha20Poly1305 TLS ciphersuites from draft-ietf-tls-chacha20-poly1305-04. The previously implemented (non-standard) ChaCha20Poly1305 ciphersuites from |