Tomáš Mráz
Tomáš Mráz
This looks good to me now, however given this is an API break we should discuss it within OTC at least.
Sure, but at least for some known broken messages the failure was returned, now it will not be. I personally think this is a very beneficial change and should be...
The vote was closed: topic: Set PR 13817 milestone to Post 3.0 Proposed by Tim Hudson Public: yes opened: 2021-04-20 closed: 2021-05-21 accepted: yes (for: 2, against: 0, abstained: 7,...
**Summary for the OTC decision** This PR changes the RSA_private_decrypt() API in a way that makes it no longer possible to mount a Bleichenbacher attack on the private key based...
Apparently the kernel in CI does not have this bug fixed. I am not sure we want this cipher to be unconditionally enabled with KTLS. Does that mean we leave...
I'd prefer enabling this cipher with KTLS only if running on a sufficiently new kernel.
> do you have any thoughts on how to figure out correct kernel version in run-time? with `uname()` called you get the version that is issued by distributor which will...
The constant failure with the CI just shows that it would be a bad idea to enable this without run-time detection of the buggy kernel of some kind.
Alternatively I'd propose to enclose the check of the TLS-1.3 version with `#ifndef OPENSSL_KTLS_TLS_1_3_CCM_ENABLE` - which can be defined on Configure command line for those who know that the built...
The CI is relevant.