git.ipfire.org Git - thirdparty/openssl.git/commit - ssl/record/rec_layer_s3.c
Fail if an unrecognised record type is received
author Matt Caswell <matt@openssl.org>
Wed, 2 Nov 2016 09:14:51 +0000 (09:14 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 2 Nov 2016 23:22:48 +0000 (23:22 +0000)
commit 436a2a0179416d2cc22b678b63e50c2638384d5f
tree 087379f48bce48c9b2829c612f84901b862cb5a9
parent 2c4a3f938ca378d2017275d299f02512b232ceaf
Fail if an unrecognised record type is received

TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but
TLS 1.2 says you MUST send an unexpected message alert. We swap to the
TLS 1.2 behaviour for all protocol versions to prevent issues where no
progress is being made and the peer continually sends unrecognised record
types, using up resources processing them.

Issue reported by 郭志攀

Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/record/rec_layer_s3.c
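
The behaviour change described in the commit message, as an added example that is not OpenSSL's code and not part of this commit: a minimal record walker that either ignores unrecognised record types (the TLS 1.0/1.1 SHOULD) or stops with an unexpected_message alert (the TLS 1.2 MUST). The function, struct and policy names are hypothetical, only content types 20 to 23 are treated as recognised, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* TLS record content types and the unexpected_message alert code (RFC 5246). */
enum { CT_CCS = 20, CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPDATA = 23 };
enum { AD_UNEXPECTED_MESSAGE = 10 };

/* Hypothetical policy switch: old SHOULD-ignore versus TLS 1.2 MUST-alert. */
enum policy { POLICY_IGNORE_UNKNOWN, POLICY_FAIL_UNKNOWN };

struct result {
    size_t records_processed; /* record headers parsed, unknown ones included */
    size_t known_records;     /* records with a recognised content type */
    int alert;                /* 0, or the fatal alert to send to the peer */
};

static int known_type(uint8_t t) { return t >= CT_CCS && t <= CT_APPDATA; }

/* Walk a buffer of records: type(1) | version(2) | length(2) | body. */
struct result process_records(const uint8_t *buf, size_t len, enum policy p)
{
    struct result r = {0, 0, 0};
    size_t off = 0;

    while (len - off >= 5) {
        uint8_t type = buf[off];
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];

        if (body > len - off - 5)
            break;                           /* truncated record: need more data */
        r.records_processed++;
        if (known_type(type)) {
            r.known_records++;
        } else if (p == POLICY_FAIL_UNKNOWN) {
            r.alert = AD_UNEXPECTED_MESSAGE; /* fatal: stop reading records */
            return r;
        }                                    /* ignore policy: drop it, keep looping */
        off += 5 + body;
    }
    return r;
}

/* Constructed sample: three records of unassigned type 0x63, then one handshake record. */
const uint8_t sample[] = {
    0x63, 0x03, 0x01, 0x00, 0x01, 0xAA,
    0x63, 0x03, 0x01, 0x00, 0x01, 0xAA,
    0x63, 0x03, 0x01, 0x00, 0x01, 0xAA,
    0x16, 0x03, 0x01, 0x00, 0x02, 0x01, 0x00,
};
```

Under the ignore policy every unrecognised record costs a parse and makes no progress; under the fail policy the first one ends the connection.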