On Sun, Jun 01, 2014, Viktor Dukhovni wrote:

> On Sun, Jun 01, 2014 at 07:18:18PM +0200, Stephen Henson via RT wrote:
> 
> > I've updated OpenSSL so the padding extension is no longer used by default 
> > and
> > the option SSL_OP_TLSEXT_PADDING enables it (it is part of the SSL_OP_ALL).
> > This resolves this issue as applications can now decide whether to use the
> > padding extension or not.
> 
> Thanks.  In particular, since SSL_OP_ALL is a compile-time constant,
> applications compiled with older releases will not send the extension
> by default.  Only applications compiled against 1.0.1g or later
> that use SSL_OP_ALL, or specifically enable this work-around, will
> send the extension.
> 

Actually it currently reuses an obsolete bit of SSL_OP_ALL so any existing
application setting SSL_OP_ALL will use it. That's not set in stone and we do
have a spare bit.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to