summaryrefslogtreecommitdiff
path: root/app/openssl/patches/README
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-06-13 12:13:04 +0200
committerParménides GV <parmegv@sdf.org>2014-06-13 12:13:04 +0200
commit3a71bc9e4aa4296f460e2e3c55de74c9852477ad (patch)
treef816597a7c4322137f0657e7aa2bf392404d1870 /app/openssl/patches/README
parentcfe67bfd8260253ce9288225b9e26f666d27133f (diff)
parent36247e71df88fa13c6c5a887de3b11d9a883615f (diff)
Merge branch 'feature/establish-an-upstream-relationship-with-ics-openvpn-codebase-#5381' into develop
Diffstat (limited to 'app/openssl/patches/README')
-rw-r--r--app/openssl/patches/README61
1 files changed, 43 insertions, 18 deletions
diff --git a/app/openssl/patches/README b/app/openssl/patches/README
index 54b6e068..2ff69282 100644
--- a/app/openssl/patches/README
+++ b/app/openssl/patches/README
@@ -3,18 +3,6 @@ progs.patch:
Fixup sources under the apps/ directory that are not built under the android environment.
-small_records.patch:
-
-Reduce OpenSSL memory consumption.
-SSL records may be as large as 16K, but are typically < 2K. In
-addition, a historic bug in Windows allowed records to be as large
-32K. OpenSSL statically allocates read and write buffers (34K and
-18K respectively) used for processing records.
-With this patch, OpenSSL statically allocates 4K + 4K buffers, with
-the option of dynamically growing buffers to 34K + 4K, which is a
-saving of 44K per connection for the typical case.
-
-
handshake_cutthrough.patch
Enables SSL3+ clients to send application data immediately following the
@@ -26,14 +14,51 @@ jsse.patch
Support for JSSE implementation based on OpenSSL.
-npn.patch
+channelid.patch
+
+Implements TLS Channel ID support as both a client and a server.
+See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.
+
+eng_dyn_dirs.patch
+
+Fixes the case of having multiple DIR_ADD commands sent to eng_dyn
+
+fix_clang_build.patch
+
+Fixes the Clang based build.
+
+tls12_digests.patch
+
+Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
+keys.
+
+alpn.patch
+
+This change adds support for ALPN in OpenSSL. ALPN is the IETF
+blessed version of NPN and we'll be supporting both ALPN and NPN for
+some time yet.
+
+cbc_record_splitting.patch
+
+BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
+record splitting. Record splitting is disabled by default.
+
+dsa_nonce.patch
+
+Adds an option to mix in hash of message and private key into (EC)DSA nonces to
+make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
+is disabled by default.
+
+ecdhe_psk.patch
-Transport Layer Security (TLS) Next Protocol Negotiation Extension
+Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.
-sslv3_uninit_padding.patch
+tls_psk_hint.patch
-This patch sets the padding for SSLv3 block ciphers to zero.
+Fixes issues with TLS-PSK identity hint implementation where
+per-connection/session and per-context hints were being mixed up.
-sha1_armv4_large.patch
+psk_client_callback_128_byte_id_bug.patch
-This patch eliminates memory stores to addresses below SP.
+Fixes the issue where it was impossible to return a 128 byte long PSK identity
+(the maximum supported length) from psk_client_callback.