openwrt/em-br6478acv2/master-187ad058 - openwrt master 187ad058

diff options

author	Jo-Philipp Wich <jow@openwrt.org>	2015-05-04 08:49:21 +0000
committer	Jo-Philipp Wich <jow@openwrt.org>	2015-05-04 08:49:21 +0000
commit	2569721374c2b0742611e428dacdc185485e38ab (patch)
tree	1368012886ac55459ac8b49fe203a62ee350e033 /tools/sed/patches
parent	079ab1e22ae16a739bc87caa8d284a671f109959 (diff)
download	master-187ad058-2569721374c2b0742611e428dacdc185485e38ab.tar.gz master-187ad058-2569721374c2b0742611e428dacdc185485e38ab.tar.bz2 master-187ad058-2569721374c2b0742611e428dacdc185485e38ab.zip

openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)

OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45602 3c298f89-4303-0410-b956-a3cf2f4a3e73

Diffstat (limited to 'tools/sed/patches')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: