Implement known-IV countermeasure.

Fix length checks in ssl3_get_client_hello(). Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
author: Bodo Möller <bodo@openssl.org> 2002-04-13 22:47:20 +0000
committer: Bodo Möller <bodo@openssl.org> 2002-04-13 22:47:20 +0000
commit: 82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc (patch)
tree: 708f5e5cb06a863a90c9742071bae98310b5b980 /STATUS
parent: 3a7cef3e76aae1ef0d03f50b9e7ebcdf41b30c90 (diff)
download: openssl-new-82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc.tar.gz
1 files changed, 1 insertions, 5 deletions
diff --git a/STATUS b/STATUS
index 7853d9ff50..3744876fbf 100644
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/03/11 09:36:04 $
+  ______________                           $Date: 2002/04/13 22:47:04 $
 
   DEVELOPMENT STATE
 
@@ -62,10 +62,6 @@
 
   NEEDS PATCH
 
-    o  An (optional) countermeasure against the predictable-IV CBC
-       weakness in SSL/TLS should be added; see
-       http://www.openssl.org/~bodo/tls-cbc.txt
-
     o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
 
     o  "OpenSSL STATUS" is never up-to-date.
author	Bodo Möller <bodo@openssl.org>	2002-04-13 22:47:20 +0000
committer	Bodo Möller <bodo@openssl.org>	2002-04-13 22:47:20 +0000
commit	82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc (patch)
tree	708f5e5cb06a863a90c9742071bae98310b5b980 /STATUS
parent	3a7cef3e76aae1ef0d03f50b9e7ebcdf41b30c90 (diff)
download	openssl-new-82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc.tar.gz