[gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Jun 12 10:33:14 CEST 2019




I applied this hack to OpenSSL 1.1.0 to make it *not* do EtM even when it's negotiated it:

```
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -370,7 +370,7 @@
 # define GET_MAX_FRAGMENT_LENGTH(session) \
     (512U << (session->ext.max_fragment_len_mode - 1))
 
-# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_READ_ETM(s) (0 && s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
 # define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
 
 /* Mostly for SSLv3 */
```
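Review bot: The `0 &&` added to `SSL_READ_ETM` makes the macro constant false, so the read path ignores `TLS1_FLAGS_ENCRYPT_THEN_MAC_READ` even when the flag is set, while `SSL_WRITE_ETM` on the next line is left unchanged and the two directions no longer follow the same rule. As a diagnostic for isolating which direction fails this is reasonable, but it should not be carried as is: with it in place the read side handles records from a peer that negotiated EtM as if EtM were off. If the switch is needed for further interop testing, put it behind a clearly named build-time define with a comment saying it affects the read direction only, rather than editing the macro in place.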

Now it talks to GnuTLS just fine.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_180412842