Hello! The patch marking the GOST ciphersuites DTLS-uncapable is attached.
Thank you! On Thu, Mar 17, 2016 at 4:28 PM, The default queue via RT <r...@openssl.org> wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "GOST ciphersuites and DTLS", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #4438]. > > Please include the string: > > [openssl.org #4438] > > in the subject line of all future correspondence about this issue. To do > so, > you may reply to this message. > > Thank you, > r...@openssl.org > > ------------------------------------------------------------------------- > Hello OpenSSL team, > > The GOST ciphersuites currently defined are not DTLS-capable. > > So it should be fixed in the ssl/s3_lib.c file. > > Thank you! > > -- > SY, Dmitry Belyavsky > > > ------------------------------------------------------------------------- > http://rt.openssl.org/Ticket/Display.html?id=4438&user=guest&pass=guest > -- SY, Dmitry Belyavsky
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ef65050..46987a9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT, SSL_GOST89MAC, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, @@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST94, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, @@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT12, SSL_GOST89MAC12, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, @@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST12_256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 0,
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev