Re: [ipxe-devel] [ipxe/ipxe] [tls] Add support for fragmented tls handshake packets (#116)

Omniproc via ipxe-devel Tue, 12 Apr 2022 06:58:50 -0700

> Time needed to verify correctness of this patch is one possible issue, maybe 
> this could be lessened with proper tests, or at least something that can be 
> used to verify the issue. But this is critical code that and we must be 
> absolute certain does not introduce any new security issues.


Note that there's also 
https://github.com/chschenk/ipxe/tree/feature/tls_fragmentation_buildoption 
which add's a build option. By making this code optional and disable that build 
option by default it at least wouldn't break anything. Regarding security 
concerns: granted. But we're talking about ~50 lines of code here.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/116#issuecomment-1096766788
You are receiving this because you commented.

Message ID: <ipxe/ipxe/pull/116/c1096766...@github.com>

_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo/ipxe-devel

Re: [ipxe-devel] [ipxe/ipxe] [tls] Add support for fragmented tls handshake packets (#116)

Reply via email to