diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-04-05 20:43:54 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-04-05 20:52:59 +0100 |
commit | 51624dbdaed5325ac763e63dc5eb0b3ef85d6489 (patch) | |
tree | e87fdd6b766e87b344a96157b44146881080b406 | |
parent | 9e29df0027273f11bdc4732cbc69da55dc4a4f74 (diff) | |
download | openssl-new-51624dbdaed5325ac763e63dc5eb0b3ef85d6489.tar.gz |
Set TLS padding extension value.
Enable TLS padding extension using official value from:
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
(cherry picked from commit cd6bd5ffda616822b52104fee0c4c7d623fd4f53)
Conflicts:
CHANGES
ssl/tls1.h
-rw-r--r-- | CHANGES | 12 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 | ||||
-rw-r--r-- | ssl/tls1.h | 6 |
3 files changed, 8 insertions, 12 deletions
@@ -13,23 +13,13 @@ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) [Yuval Yarom and Naomi Benger] - *) TLS pad extension: draft-agl-tls-padding-02 + *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. - To enable it use an unused extension number (for example chrome uses - 35655) using: - - e.g. -DTLSEXT_TYPE_padding=35655 - - Since the extension is ignored the actual number doesn't matter as long - as it doesn't clash with any existing extension. - - This will be updated when the extension gets an official number. - [Adam Langley, Steve Henson] Changes between 1.0.1e and 1.0.1f [6 Jan 2014] diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 29ccd833ec..b82fadace6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -664,7 +664,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha #ifdef TLSEXT_TYPE_padding /* Add padding to workaround bugs in F5 terminators. - * See https://tools.ietf.org/html/draft-agl-tls-padding-02 + * See https://tools.ietf.org/html/draft-agl-tls-padding-03 * * NB: because this code works out the length of all existing * extensions it MUST always appear last. diff --git a/ssl/tls1.h b/ssl/tls1.h index c39c267f0b..c992091e30 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -230,6 +230,12 @@ extern "C" { /* ExtensionType value from RFC5620 */ #define TLSEXT_TYPE_heartbeat 15 +/* ExtensionType value for TLS padding extension. + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + * http://tools.ietf.org/html/draft-agl-tls-padding-03 + */ +#define TLSEXT_TYPE_padding 21 + /* ExtensionType value from RFC4507 */ #define TLSEXT_TYPE_session_ticket 35 |