diff options
author | Tianjia Zhang <tianjia.zhang@linux.alibaba.com> | 2021-12-06 17:50:50 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-11-16 16:46:46 +0100 |
commit | 34c2f90d8ed325a892618ce0e42ebe916966d4d8 (patch) | |
tree | 72c988d28110d7f5f075470e9d8ffca003eb7b48 /CHANGES.md | |
parent | 3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2 (diff) | |
download | openssl-new-34c2f90d8ed325a892618ce0e42ebe916966d4d8.tar.gz |
KTLS: enable the CCM mode of ktls
The latest kernel (including stable kernel) has fixed the issue
of decryption failure in CCM mode in TLS 1.3. It is necessary to
reenable CCM mode for KTLS.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17207)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index f0ecb25483..a55a6c47aa 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -223,6 +223,14 @@ OpenSSL 3.2 *Hugo Landau* + * Enable KTLS with the TLS 1.3 CCM mode ciphersuites. Note that some linux + kernel versions that support KTLS have a known bug in CCM processing. That + has been fixed in stable releases starting from 5.4.164, 5.10.84, 5.15.7, + and all releases since 5.16. KTLS with CCM ciphersuites should be only used + on these releases. + + *Tianjia Zhang* + OpenSSL 3.0 ----------- |