[gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Jun 12 10:33:14 CEST 2019
I applied this hack to OpenSSL 1.1.0 to make it *not* do EtM even when it's negotiated it:
```
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -370,7 +370,7 @@
# define GET_MAX_FRAGMENT_LENGTH(session) \
(512U << (session->ext.max_fragment_len_mode - 1))
-# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_READ_ETM(s) (0 && s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
/* Mostly for SSLv3 */
```
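Review bot: in the changed `SSL_READ_ETM` line, the `0 &&` switches off encrypt-then-MAC only for records being read, while `SSL_WRITE_ETM` on the following line still honours `TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE`, so the two directions use different record protection whenever the extension has been negotiated. If this is meant purely as an interop diagnostic, say so in a comment next to the macro and keep it behind a build-time debug switch so it cannot end up in a normal build. Parenthesizing the flag test, as in `(0 && (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ))`, would also make the intended grouping explicit rather than relying on `&` binding tighter than `&&`.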
Now it talks to GnuTLS just fine.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_180412842