Hi,

The "no-tlsext" option (resulting in OPENSSL_NO_TLSEXT being set) has 
some problems:

1) If OPENSSL_NO_TLSEXT is set, the parsing code for TLS extensions is 
not being compiled in, but we still always send the SCSV cipher suite 
indicating that we support secure renegotiation according to RFC 5746.

The problem with this is that if we are a client and send SCSV to the 
server, the server will reply with the TLS extension for secure 
negotiation, which we can't parse and have to abort the connection with 
"bad packet length".

This can be fixed with ifdef-ing the SCSV sending code in 
ssl_cipher_list_to_bytes.

2) Some of the checks for using SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 
are performed in ssl_parse_clienthello_tlsext and 
ssl_parse_serverhello_tlsext. When they are not included in the code, 
unsafe legacy renegotiations may be performed even when the flag is not set.

From some quick testing it seems to be a problem only with SSLv3 and 
not TLSv1, but I didn't investigate the matter extensively.

-Tomas

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
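
The exchange described in point 1, as an added stand-alone model that is not OpenSSL source and not part of the original message. The demo_* names and the runtime flags tlsext_built and guarded are assumptions of the example; they stand in for the compile-time OPENSSL_NO_TLSEXT switch and for the proposed ifdef around the SCSV code.

```c
#include <stddef.h>
#include <stdint.h>

#define DEMO_SCSV 0x00FFu /* TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746) */

/* Serialize cipher suite ids as 2-byte big-endian values.
 * tlsext_built: 0 models a no-tlsext build, 1 a normal build.
 * guarded: 0 = SCSV always appended (reported behaviour),
 *          1 = SCSV appended only when extension parsing is built in.
 * Returns bytes written, or 0 if the output buffer is too small. */
size_t demo_cipher_list_to_bytes(const uint16_t *ids, size_t n,
                                 unsigned char *out, size_t outlen,
                                 int tlsext_built, int guarded)
{
    int add_scsv = guarded ? tlsext_built : 1;
    size_t need = 2 * (n + (add_scsv ? 1 : 0)), i, j = 0;

    if (need > outlen)
        return 0;
    for (i = 0; i < n; i++) {
        out[j++] = (unsigned char)(ids[i] >> 8);
        out[j++] = (unsigned char)(ids[i] & 0xff);
    }
    if (add_scsv) {
        out[j++] = (unsigned char)(DEMO_SCSV >> 8);
        out[j++] = (unsigned char)(DEMO_SCSV & 0xff);
    }
    return j;
}

/* Server side per RFC 5746: a ClientHello carrying the SCSV makes the
 * server put a renegotiation_info extension into its ServerHello. */
int demo_server_sends_reneg_ext(const unsigned char *p, size_t len)
{
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        if (p[i] == 0x00 && p[i + 1] == 0xFF)
            return 1;
    return 0;
}

/* 1 if the client can process the ServerHello, 0 if it must abort
 * because the reply carries an extension it has no parser for. */
int demo_handshake_ok(int tlsext_built, int guarded)
{
    static const uint16_t ids[] = { 0x002F, 0x0035 }; /* constructed sample list */
    unsigned char buf[16];
    size_t len = demo_cipher_list_to_bytes(ids, 2, buf, sizeof buf,
                                           tlsext_built, guarded);
    return !(demo_server_sends_reneg_ext(buf, len) && !tlsext_built);
}
```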