subject:"\[openssl\-dev\] \[openssl.org #4391\] \[PATCH\] Tighten up logic around ChangeCipherSpec."

[openssl-dev] [openssl.org #4391] [PATCH] Tighten up logic around ChangeCipherSpec.

2016-05-20 Thread Matt Caswell via RT

Patch applied in 1257adecd. Thanks! Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4391 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4391] [PATCH] Tighten up logic around ChangeCipherSpec.

2016-03-07 Thread David Benjamin via RT

ChangeCipherSpec messages have a defined value. They also may not occur in the middle of a handshake message. The current logic will accept a ChangeCipherSpec with value 2. It also would accept up to three bytes of handshake data before the ChangeCipherSpec which it would discard (because