Overview
Comment: | Undo change in OpenSSL 1.1.1 which enabled SSL_MODE_AUTO_RETRY. This will avoid hangs in blocking mode after an non-app record is received, but an app record is not yet available. Also enabled SSL_MODE_ENABLE_PARTIAL_WRITE, which allows writes with fewer than all records written to be successful. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | tls-1.8 |
Files: | files | file ages | folders |
SHA3-256: |
991ab74cddf824ebcaa3e54ea1c38753 |
User & Date: | bohagan on 2024-06-23 01:39:01 |
Other Links: | branch diff | manifest | tags |
Context
2024-06-23
| ||
01:46 | Updates to provide error status when setting -cadir, -cafile, and -castore options. check-in: 568f5bc7ec user: bohagan tags: tls-1.8 | |
01:39 | Undo change in OpenSSL 1.1.1 which enabled SSL_MODE_AUTO_RETRY. This will avoid hangs in blocking mode after an non-app record is received, but an app record is not yet available. Also enabled SSL_MODE_ENABLE_PARTIAL_WRITE, which allows writes with fewer than all records written to be successful. check-in: 991ab74cdd user: bohagan tags: tls-1.8 | |
00:51 | Added more notes to doc file. check-in: 369965b608 user: bohagan tags: tls-1.8 | |
Changes
Modified generic/tls.c
from [9112e257e3]
to [b62ec44bb1].
︙ | ︙ | |||
1884 1885 1886 1887 1888 1889 1890 | } #if OPENSSL_VERSION_NUMBER < 0x10100000L OpenSSL_add_all_algorithms(); /* Load ciphers and digests */ #endif SSL_CTX_set_app_data(ctx, (void*)interp); /* remember the interpreter */ | | | | | > | | > > > > > | 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 | } #if OPENSSL_VERSION_NUMBER < 0x10100000L OpenSSL_add_all_algorithms(); /* Load ciphers and digests */ #endif SSL_CTX_set_app_data(ctx, (void*)interp); /* remember the interpreter */ SSL_CTX_set_options(ctx, SSL_OP_ALL); /* Enable all SSL bug workarounds */ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); /* Disable compression even if supported */ SSL_CTX_set_options(ctx, off); /* Disable specified protocol versions */ /* Allow writes to report success when less than all records have been written */ SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); /* Disable attempts to try to process the next record instead of returning after a non-app record. Avoids hangs in blocking mode, when using SSL_read() and a non-application record was sent and no application data was sent. */ SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_sess_set_cache_size(ctx, 128); /* Set user defined ciphers, cipher suites, and security level */ if ((ciphers != NULL) && !SSL_CTX_set_cipher_list(ctx, ciphers)) { Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL); SSL_CTX_free(ctx); return NULL; |
︙ | ︙ |