On Sun, Jun 01, 2014, Viktor Dukhovni wrote: > On Sun, Jun 01, 2014 at 07:18:18PM +0200, Stephen Henson via RT wrote: > > > I've updated OpenSSL so the padding extension is no longer used by default > > and > > the option SSL_OP_TLSEXT_PADDING enables it (it is part of the SSL_OP_ALL). > > This resolves this issue as applications can now decide whether to use the > > padding extension or not. > > Thanks. In particular, since SSL_OP_ALL is a compile-time constant, > applications compiled with older releases will not send the extension > by default. Only applications compiled against 1.0.1g or later > that use SSL_OP_ALL, or specifically enable this work-around, will > send the extension. >
Actually it currently reuses an obsolete bit of SSL_OP_ALL so any existing application setting SSL_OP_ALL will use it. That's not set in stone and we do have a spare bit. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org