I tested the master branch that adds this capability, but I’m apparently not
using the right combination of flags to turn it off – when I attempt
s_client/s_server in the 1.1.1dev branch, I’m still seeing the ETM extension
offered and negotiated for CBC suites. What would be the correct method t
On 16/01/17 14:14, Michael Shirley wrote:
> It appears that starting with OpenSSL 1.1.0, it is not possible to
> disable the Encrypt-Then-MAC (ETM) TLS extension for CBC ciphers. Is
> there an undocumented method to do this, which would also allow me to
> use the built-in s_server/s_client test m
It appears that starting with OpenSSL 1.1.0, it is not possible to disable the
Encrypt-Then-MAC (ETM) TLS extension for CBC ciphers. Is there an undocumented
method to do this, which would also allow me to use the built-in
s_server/s_client test mechanism?
Thanks,
-Mike
Michael Shirley
Senior