On Thu Jan 15 17:21:35 2015, matt wrote:
> In response to your previous documentation question it is (unfortunately)
> undocumented. :-(
>
> The best I can offer you is the source code:
>
>     int read_ahead; /* Read as many input bytes as possible
>                      * (for non-blocking reads) */
>
> With regards to your second point, I consider it a bug that this is not the
> default for DTLS. Unfortunately that bug has remained dormant until the fix for
> CVE-2014-0206 exposed it.
>
> I'm keeping this ticket open, until we have a proper fix. For now though the
> workaround is to use the SSL_CTX_set_read_ahead function directly.
A slight correction to the notes above. The reference should be to CVE-2014-3571 (not CVE-2014-0206 as stated).

I have now committed the fix for this problem. See commit 8dd4ad0ff in master (for 1.0.1 see 1895583). This fix makes read_ahead the default for DTLS...and in fact you can't turn it off now for DTLS either (calls to the read_ahead functions are ignored).

I've also added some documentation for the read_ahead functions in commit 85074745. These are now irrelevant for DTLS (since you can't turn read_ahead off), but still relevant for TLS.

Closing this ticket.

Matt
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
