Expand comment that details why two DTLS tests currently fail. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2021-06-19 15:52:41 +0000
committer	jsing <>	2021-06-19 15:52:41 +0000
commit	80619541756202355d5003f68af0c6603b651bb5 (patch)
tree	551cbd62a43f4110584997c46543184cae767689 /src/lib/libssl/ssl_lib.c
parent	03e245321646ba94158722be283f080d7603563a (diff)
download	openbsd-80619541756202355d5003f68af0c6603b651bb5.tar.gz openbsd-80619541756202355d5003f68af0c6603b651bb5.tar.bz2 openbsd-80619541756202355d5003f68af0c6603b651bb5.zip

Expand comment that details why two DTLS tests currently fail.

Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0 specification - this flaw was addressed in DTLSv1.2, however our DTLS server code still needs to support the fix. Quoting RFC 6347 section 4.2.4: "This requirement applies to DTLS 1.0 as well, and though not explicit in [DTLS1], it was always required for the state machine to function correctly." In otherwords, both the original DTLS implementation and the DTLSv1.0 specification have a broken state machine, resulting in possible dead lock.

Diffstat (limited to 'src/lib/libssl/ssl_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: