Purely to give an independent answer - I'm not one of the openssl developers and I've tested this. As expected the ssl3 implementation allows any padding but the invalid padding is rejected with an alert when using TLS. So as Matt has said, it's not a problem for openssl.
Cheers Rich.
_______________________________________________ openssl-dev mailing list [email protected] https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
