author | Kurt Roeckx <kurt@roeckx.be> | 2018-05-15 19:01:41 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-05-22 22:45:28 +0200 |
commit | 693cf80c6ff54ae276a44d305d4ad07168ec6895 (patch) | |
tree | bed0784d42fe6d1544cbe3c1ebf1abe56eb65cf1 /apps/s_server.c | |
parent | 1aac20f5095fca8691ef4495c3e7438c935a33dc (diff) | |
download | openssl-693cf80c6ff54ae276a44d305d4ad07168ec6895.tar.gz |
Enable SSL_MODE_AUTO_RETRY by default

Because TLS 1.3 sends more non-application data records some clients run
into problems because they don't expect SSL_read() to return and set
SSL_ERROR_WANT_READ after processing it.

This can cause problems for clients that use blocking I/O and use
select() to see if data is available. It can be cleared using
SSL_CTX_clear_mode().

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #6260

Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 6180617258..b0d38e4849 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1753,6 +1753,9 @@ int s_server_main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } + + SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); + if (sdebug) ssl_ctx_security_debug(ctx, sdebug); |
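
Review bot: The added `SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);` in s_server_main() carries no comment explaining why s_server opts out of the default that this commit turns on. The commit message only says the mode "can be cleared", so someone reading apps/s_server.c on its own sees a mode being cleared with no indication that it is now set by default or why this app needs the old behaviour. Please add a one-line comment above the call stating the reason (for example, that the app's own I/O loop relies on SSL_read() returning with SSL_ERROR_WANT_READ, if that is the case). The placement itself looks right: the call sits after the `goto end` error path, so `ctx` has already been checked at that point.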