Silently discard invalid DTLS records. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2021-07-21 07:51:12 +0000
committer	jsing <>	2021-07-21 07:51:12 +0000
commit	79b1c4fd5d0d72bf2e38130064b797ecc99c1cbe (patch)
tree	48b0f617acae7d3ff31ef0ae1660881904e23310 /src/lib/libc
parent	bf8b2c9ec0c609c82b5461ea29f83549dc7ac156 (diff)
download	openbsd-79b1c4fd5d0d72bf2e38130064b797ecc99c1cbe.tar.gz openbsd-79b1c4fd5d0d72bf2e38130064b797ecc99c1cbe.tar.bz2 openbsd-79b1c4fd5d0d72bf2e38130064b797ecc99c1cbe.zip

Silently discard invalid DTLS records.

Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records, including those that have a bad MAC. When converting to the new record layer, we inadvertantly switched to standard TLS behaviour, where an invalid record is fatal. This restores the previous behaviour. Issue noted by inoguchi@ ok inoguchi@

Diffstat (limited to 'src/lib/libc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: