diff options
author | Parménides GV <parmegv@sdf.org> | 2014-06-13 12:13:04 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-06-13 12:13:04 +0200 |
commit | 3a71bc9e4aa4296f460e2e3c55de74c9852477ad (patch) | |
tree | f816597a7c4322137f0657e7aa2bf392404d1870 /app/openssl/patches/README | |
parent | cfe67bfd8260253ce9288225b9e26f666d27133f (diff) | |
parent | 36247e71df88fa13c6c5a887de3b11d9a883615f (diff) |
Merge branch 'feature/establish-an-upstream-relationship-with-ics-openvpn-codebase-#5381' into develop
Diffstat (limited to 'app/openssl/patches/README')
-rw-r--r-- | app/openssl/patches/README | 61 |
1 files changed, 43 insertions, 18 deletions
diff --git a/app/openssl/patches/README b/app/openssl/patches/README index 54b6e068..2ff69282 100644 --- a/app/openssl/patches/README +++ b/app/openssl/patches/README @@ -3,18 +3,6 @@ progs.patch: Fixup sources under the apps/ directory that are not built under the android environment. -small_records.patch: - -Reduce OpenSSL memory consumption. -SSL records may be as large as 16K, but are typically < 2K. In -addition, a historic bug in Windows allowed records to be as large -32K. OpenSSL statically allocates read and write buffers (34K and -18K respectively) used for processing records. -With this patch, OpenSSL statically allocates 4K + 4K buffers, with -the option of dynamically growing buffers to 34K + 4K, which is a -saving of 44K per connection for the typical case. - - handshake_cutthrough.patch Enables SSL3+ clients to send application data immediately following the @@ -26,14 +14,51 @@ jsse.patch Support for JSSE implementation based on OpenSSL. -npn.patch +channelid.patch + +Implements TLS Channel ID support as both a client and a server. +See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00. + +eng_dyn_dirs.patch + +Fixes the case of having multiple DIR_ADD commands sent to eng_dyn + +fix_clang_build.patch + +Fixes the Clang based build. + +tls12_digests.patch + +Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA +keys. + +alpn.patch + +This change adds support for ALPN in OpenSSL. ALPN is the IETF +blessed version of NPN and we'll be supporting both ALPN and NPN for +some time yet. + +cbc_record_splitting.patch + +BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1 +record splitting. Record splitting is disabled by default. + +dsa_nonce.patch + +Adds an option to mix in hash of message and private key into (EC)DSA nonces to +make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature +is disabled by default. + +ecdhe_psk.patch -Transport Layer Security (TLS) Next Protocol Negotiation Extension +Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites. -sslv3_uninit_padding.patch +tls_psk_hint.patch -This patch sets the padding for SSLv3 block ciphers to zero. +Fixes issues with TLS-PSK identity hint implementation where +per-connection/session and per-context hints were being mixed up. -sha1_armv4_large.patch +psk_client_callback_128_byte_id_bug.patch -This patch eliminates memory stores to addresses below SP. +Fixes the issue where it was impossible to return a 128 byte long PSK identity +(the maximum supported length) from psk_client_callback. |