diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-06-27 14:42:43 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-06-27 14:42:43 +0000 |
commit | 28566b4966ead6d828e3f5095ee15feb4744ed96 (patch) | |
tree | e42f8f6a54a07b341a702d81e99a2e405c330fd2 | |
parent | b4b15f68c01c4bf4557db5ff6180623411540b52 (diff) | |
download | openssl-28566b4966ead6d828e3f5095ee15feb4744ed96.tar.gz |
no need for empty fragments with TLS 1.1 and later due to explicit IV
-rw-r--r-- | ssl/t1_enc.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b5c3179c48..5446bb250d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -607,7 +607,8 @@ printf("\nkey block\n"); { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } #endif - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + && s->method->version <= TLS1_VERSION) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) |