Hello,
I've found I made a typo introducing the GOST ciphersuite 0x0300ff87.
It's a ciphersuite with NULL encryption and so it is rarely used, that's
why I did not catch this mistake during the testing.
This specification requires using the "stream MAC" mode for this
ciphersuite. The patch is attached.
Thank you!
--
SY, Dmitry Belyavsky
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e3e4fd3..50dbbc5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3284,7 +3284,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST12_256,
SSL_TLSV1,
SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
0},
#endif
_______________________________________________
openssl-bugs-mod mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
