> [[email protected] - Fri Mar 30 09:21:50 2012]: > > Don't know if this is related or not, but I'm also running a very > similar test that uses TLS instead of DTLS, (same scenario, OpenSSL > 1.0.1 with 1.0.0 Cipher Suites selected). That works fine, except > that the 64 bit version of the test looks like it doesn't include > the "Empty Fragments" security countermeasure, (at least the > telltale 32 byte record at the start of each packet isn't there). >
If you're using TLS v1.1 or 1.2 then you shouldn't encounter empty fragments on any version as they are not required any more as CBC mode includes an explicit IV. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
