> http://cvs.openssl.org/chngview?cn=22334 is interim solution, > proper solution will be provided at later point (if found appropriate).
Thanks, this circumvents the DTLS issue. The TLS empty fragments issue remains, but this patch hints at the cause. I think the problem is here, (s3_pkt.c, circa line 664): if ( (sess == NULL) || (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) clear=1; if (clear) mac_size=0; else { mac_size=EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) goto err; } /* 'create_empty_fragment' is true only when this function calls itself */ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { /* countermeasure against known-IV weakness in CBC ciphersuites * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ ... If I'm reading things correctly, the cipher workarounds mean EVP_MD_CTX_md(s->write_hash) is always NULL so this code skips the empty fragments countermeasure. Debug printfs verify that "clear" differs in good/bad test runs. I'm guessing this test is here to prevent unwanted empty fragments before the handshake is complete, but it looks like the logic is flawed. I notice similar logic in ssl3_get_record(), (unrelated to empty fragments). That may be broken also. Regards, John ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org