From 3a9386389f8311f434d276aae9bb03de200ab2bf Mon Sep 17 00:00:00 2001 From: Doug Hogan Date: Fri, 17 Jul 2015 07:04:42 +0000 Subject: Remove workaround for TLS padding bug from SSLeay days. OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@ --- lib/libssl/ssl.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib/libssl/ssl.h') diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index c47ae4632fe..84154a51765 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.87 2015/06/20 12:29:39 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -522,7 +522,6 @@ struct ssl_session_st { #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L #define SSL_OP_TLS_D5_BUG 0x00000100L -#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) @@ -578,7 +577,6 @@ struct ssl_session_st { SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ SSL_OP_TLS_D5_BUG | \ - SSL_OP_TLS_BLOCK_PADDING_BUG | \ SSL_OP_CRYPTOPRO_TLSEXT_BUG) /* Obsolete flags kept for compatibility. No sane code should use them. */ @@ -594,6 +592,7 @@ struct ssl_session_st { #define SSL_OP_PKCS1_CHECK_2 0x0 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ -- cgit v1.2.3