Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Experimental workaround TLS filler (WTF) extension. Based on a suggested
+ workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client
+ Hello record length value would otherwise be > 255 and less that 512
+ pad with a dummy extension containing zeroes so it is at least 512 bytes
+ long.
+
+ To enable it use an unused extension number (for example 0x4242) using
+ e.g. -DTLSEXT_TYPE_wtf=0x4242
+
+ WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
+
+ [Steve Henson]
+
*) Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
- To enable it set the appropriate extension number (0x10 for the test
- server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
+ To enable it set the appropriate extension number (0x42 for the test
+ server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42
For non-compliant peers (i.e. just about everything) this should have no
effect.
WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
- NOTE: unfortunately the test server value (0x10) clashes with the draft
- ALPN extension. Until this is resolved the only way to check against the
- test server is to temporarily change the ALPN extension value (ugh!).
-
[Steve Henson]
*) Add callbacks supporting generation and retrieval of supplemental