> > Quick background: Some router firmwares from F5 have a bug that they
> > fail if the SSL handshake is between 256 and 511 bytes.
> > 
> > Following up that openssl and other major ssl implementations
> > introduced a TLS padding extension that does nothing else than padding
> > the handshake if it is between these sizes.
> 
> hmm. the workaround isn't particularly intrusive imo. also, while our
> policy has been minimal workarounds, i think that applies to the host
> operating system. interop compat is a different beast.

Indeed.

Removal of this code would require proof that it causes no harm.

I am quite frankly sick of being told that we are removing code
we don't understand, when it is not true.

In this case, we have no idea how many broken F5s there are out
there, so there is no reason to remove this code.  Proving the case
would be up to you, Hanno.  You can start by trying to suggest that
the OpenSSL folk should remove it...
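
The size window from the quoted background, worked through as an added example (not code from this thread, OpenSSL or LibreSSL). It assumes extension type 21 from RFC 7685, a length measured over the whole handshake message, and a ClientHello that already has an extensions block; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TLSEXT_TYPE_PADDING 21  /* padding extension type (RFC 7685) */
#define PAD_WINDOW_MIN 256      /* affected range from the thread: 256..511 */
#define PAD_WINDOW_MAX 511
#define PAD_TARGET     512      /* first size outside the affected range */
#define EXT_HEADER_LEN 4        /* 2-byte type + 2-byte length */

/* Hypothetical helper: number of zero bytes to carry in the extension,
 * or -1 when hello_len is outside the window and nothing is added. */
long padding_data_len(size_t hello_len)
{
    if (hello_len < PAD_WINDOW_MIN || hello_len > PAD_WINDOW_MAX)
        return -1;
    size_t gap = PAD_TARGET - hello_len;
    /* The header alone costs 4 bytes, so a gap under 4 overshoots 512. */
    return gap >= EXT_HEADER_LEN ? (long)(gap - EXT_HEADER_LEN) : 0;
}

/* Hypothetical helper: serialize the extension; returns bytes written,
 * 0 when no padding is needed or the buffer is too small. */
size_t write_padding_ext(unsigned char *out, size_t cap, size_t hello_len)
{
    long data = padding_data_len(hello_len);
    if (data < 0 || cap < EXT_HEADER_LEN + (size_t)data)
        return 0;
    out[0] = TLSEXT_TYPE_PADDING >> 8;
    out[1] = TLSEXT_TYPE_PADDING & 0xff;
    out[2] = (unsigned char)(data >> 8);
    out[3] = (unsigned char)(data & 0xff);
    memset(out + EXT_HEADER_LEN, 0, (size_t)data);  /* padding is all zero */
    return EXT_HEADER_LEN + (size_t)data;
}

int main(void)
{
    size_t samples[] = {255, 256, 300, 508, 511, 512};  /* constructed sizes */
    unsigned char buf[PAD_TARGET];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t added = write_padding_ext(buf, sizeof buf, samples[i]);
        printf("hello=%zu added=%zu final=%zu\n",
               samples[i], added, samples[i] + added);
    }
    return 0;
}
```

Sizes 509 to 511 end up slightly above 512 bytes because the 4-byte extension header cannot be shortened, which still leaves the message outside the affected range.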

 
