Silently discard invalid DTLS records. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2021-07-21 07:51:12 +0000
committer	jsing <>	2021-07-21 07:51:12 +0000
commit	9d9ae9aff0e9bd5baa9a63ea2820e82a6ad70651 (patch)
tree	48b0f617acae7d3ff31ef0ae1660881904e23310 /src/lib/libssl/d1_lib.c
parent	b3a58e03f75e67c39eea24d0a51cb76f8a36b206 (diff)
download	openbsd-9d9ae9aff0e9bd5baa9a63ea2820e82a6ad70651.tar.gz openbsd-9d9ae9aff0e9bd5baa9a63ea2820e82a6ad70651.tar.bz2 openbsd-9d9ae9aff0e9bd5baa9a63ea2820e82a6ad70651.zip

Silently discard invalid DTLS records.

Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records, including those that have a bad MAC. When converting to the new record layer, we inadvertantly switched to standard TLS behaviour, where an invalid record is fatal. This restores the previous behaviour. Issue noted by inoguchi@ ok inoguchi@

Diffstat (limited to 'src/lib/libssl/d1_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: