Are there any updates on OpenSSL's plans for including (or not) the 1/n-1 record splitting mitigation technique that the browser vendors seemed to have settled on?
I know at various times in the past (Oct. 2011 and April 2012) there have been various proposals regarding the "solution" moving forward. Tomas Mraz and Andy Polyakov (and maybe others) both posted sample patches. I am also aware of the 0/n record splitting mitigation technique (i.e. SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) that is currently available in most versions of OpenSSL by default. This question is specific to the 1/n-1 record splitting technique. Thank you.
