author | Joel Sing <jsing@cvs.openbsd.org> | 2021-07-21 07:51:13 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2021-07-21 07:51:13 +0000 |
commit | 571df4b33336cbaeae11fac663f95f145f31b48e (patch) | |
tree | fc2ddc11226e7ab478bef9328410ab2649bcbaa8 /usr.bin/ssh | |
parent | 17e91064c9228d1b955c0e8d789668165f9736d3 (diff) |
Silently discard invalid DTLS records.
Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records,
including those that have a bad MAC. When converting to the new record
layer, we inadvertently switched to standard TLS behaviour, where an
invalid record is fatal. This restores the previous behaviour.
Issue noted by inoguchi@
ok inoguchi@
Diffstat (limited to 'usr.bin/ssh')
0 files changed, 0 insertions, 0 deletions
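
The behaviour the commit message describes, as an added Python example that is not the code from this commit: a receive loop that drops records failing validation in datagram mode and treats the same failure as fatal in stream (TLS-style) mode. The record layout is simplified (13-byte DTLS-style header, HMAC-SHA256 over header and payload, no encryption or replay window), and every name, key and sample record is constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32   # HMAC-SHA256 tag length
HDR_LEN = 13   # type(1) | version(2) | epoch(2) | sequence(6) | length(2)

class FatalRecordError(Exception):
    """Stream (TLS-style) outcome: an invalid record ends the connection."""

def seal(key, epoch, seq, payload):
    """Build a constructed, unencrypted record: header | payload | MAC."""
    header = (struct.pack("!BHH", 23, 0xFEFD, epoch) + seq.to_bytes(6, "big")
              + struct.pack("!H", len(payload) + MAC_LEN))
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

def open_record(key, record):
    """Return the payload, or None if the record is malformed or the MAC is bad."""
    if len(record) < HDR_LEN + MAC_LEN:
        return None
    header, body = record[:HDR_LEN], record[HDR_LEN:]
    (length,) = struct.unpack("!H", header[11:13])
    if length != len(body):
        return None
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def receive(key, records, datagram_mode=True):
    """Return (delivered payloads, number of records discarded)."""
    delivered, discarded = [], 0
    for record in records:
        payload = open_record(key, record)
        if payload is None:
            if not datagram_mode:
                raise FatalRecordError("invalid record")
            discarded += 1  # no alert, no teardown; counted for diagnostics only
            continue
        delivered.append(payload)
    return delivered, discarded

# Constructed sample traffic: two valid records around a forged and a truncated one.
KEY = b"constructed-demo-key"
GOOD1 = seal(KEY, 1, 1, b"hello")
SAMPLE = [GOOD1, seal(b"wrong-key", 1, 2, b"spoofed"), GOOD1[:12], seal(KEY, 1, 3, b"world")]

if __name__ == "__main__":
    print(receive(KEY, SAMPLE))  # datagram mode keeps going past the bad records
```

With fatal handling, one spoofed UDP datagram is enough to end the association; with silent discard the only trace is the counter, so exporting it to logs or metrics is what keeps injected traffic visible.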