
List:       openssl-dev
Subject:    [openssl-dev] [openssl.org #3657] OpenSSL 1.0.1k DTLS handshake no longer works
From:       "Matt Caswell via RT" <rt () openssl ! org>
Date:       2015-01-27 14:48:25
Message-ID: rt-4.0.4-7695-1422370105-1261.3657-6-0 () openssl ! org

On Thu Jan 15 17:21:35 2015, matt wrote:
> In response to your previous documentation question it is (unfortunately)
> undocumented. :-(
> The best I can offer you is the source code:
> int read_ahead; /* Read as many input bytes as possible
>                  * (for non-blocking reads) */
> With regards to your second point, I consider it a bug that this is not the
> default for DTLS. Unfortunately that bug has remained dormant until the fix for
> CVE-2014-0206 exposed it.
>
> I'm keeping this ticket open until we have a proper fix. For now though the
> workaround is to use the SSL_CTX_set_read_ahead function directly.

A slight correction to the notes above. The reference should be to
CVE-2014-3571 (not CVE-2014-0206 as stated).

I have now committed the fix for this problem. See commit 8dd4ad0ff in master
(for 1.0.1 see 1895583). This fix makes read_ahead the default for DTLS...and
in fact you can't turn it off now for DTLS either (calls to the read_ahead
functions are ignored).

I've also added some documentation for the read_ahead functions in commit
85074745. These are now irrelevant for DTLS (since you can't turn read_ahead
off), but still relevant for TLS.

Closing this ticket.

Matt

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev