polarssl: disable 1/n-1 record splitting
Disable record splitting (for now). OpenVPN assumes records are sent
unfragmented, which is no longer a valid assumption when record splitting
is enabled (which polarssl/mbedtls did in 1.3.10, see trac #524).
Changing the code to deal with record splitting will require intrusive
changes that need thorough review and testing. Since OpenVPN is not
susceptible to BEAST (the data transmitted over the control channel is
very hard to influence for a remote attacker), we can just disable record
splitting as a quick fix. This gives us the time to develop a proper
solution in the mean time, and test that thoroughly.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
1430766398-17209-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9646
Signed-off-by: Gert Doering <gert@greenie.muc.de>
projects / thirdparty / openvpn.git / commit
