On Sun, 2012-04-15 at 16:45 +0200, Andy Polyakov via RT wrote:
> > Here is an experimental patch I wrote that implements the 1/n-1
> > record splitting technique for OpenSSL. I am sending it here for
> > consideration by OpenSSL upstream developers.
> >
> > By default the 0/n split is used but in case the
> > SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag is set, we split the first
> > record with 1/n-1.
>
> What would you [and others] say about this alternative? Non-committed,
> relative to HEAD... ....

The patch seems OK; however, it is not clear whether this change really
brings much. The original experimental patch is not really usable as
there are already known applications which are even broken by the 1/n-1
split. So for SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS the split cannot be
done at all anyway.

Your patch will improve the compatibility of the case where
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not used; however, I have not seen
any reports, at least in our Bugzilla, that would ask for that. So it's
just a matter of preference whether you want to change the 0/n split to
the 1/n-1 one.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org