On Mon, Oct 31, 2011 at 05:56:53PM +0100, Tomas Mraz via RT wrote: > By default the 0/n split is used but in case the > SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag is set, we split the first > record with 1/n-1.
There are terminators that also have a problem with this 1/n-1 splitting. You might want to read this for instance: http://www.imperialviolet.org/2012/01/15/beastfollowup.html So it would be nice to still have the option to not have either splitting, but I think we should default to 1/n-1. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
