CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2014/04/28 14:05:21
Modified files:
lib/libssl/src/ssl: ssl.h
Log message:
SSL_OP_ALL is supposed to be all options and workarounds that are safe,
but disabling attack mitigations is not safe. 0.9.6d contained a
workaround for an attack against CBC modes. 0.9.6e disabled it by default
because "some" implementations couldn't handle empty fragments. 12 years
have passed. Does anybody still care? Let's find out.
ok miod
