summaryrefslogtreecommitdiff
path: root/main/openssl/patches/README
blob: 53444701cdf912a3d49e296fb29c1150a639c008 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
progs.patch:

Fixup sources under the apps/ directory that are not built under the android environment.


handshake_cutthrough.patch

Enables SSL3+ clients to send application data immediately following the
Finished message even when negotiating full-handshakes.  With this patch,
clients can negotiate SSL connections in 1-RTT even when performing
full-handshakes.

jsse.patch

Support for JSSE implementation based on OpenSSL.

channelid.patch

Implements TLS Channel ID support as both a client and a server.
See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.

eng_dyn_dirs.patch

Fixes the case of having multiple DIR_ADD commands sent to eng_dyn

fix_clang_build.patch

Fixes the Clang based build.

tls12_digests.patch

Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
keys.

alpn.patch

This change adds support for ALPN in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

cbc_record_splitting.patch

BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
record splitting. Record splitting is disabled by default.

dsa_nonce.patch

Adds an option to mix in hash of message and private key into (EC)DSA nonces to
make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
is disabled by default.

ecdhe_psk.patch

Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.

ecdhe_psk_part2.patch

Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with
SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds
SHA-1 based ECDHE-PSK AES-CBC cipher suites instead.

arm_asm.patch

Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8
Based on branch available at:
https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches
c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730

tls_psk_hint.patch

Fixes issues with TLS-PSK identity hint implementation where
per-connection/session and per-context hints were being mixed up.

psk_client_callback_128_byte_id_bug.patch

Fixes the issue where it was impossible to return a 128 byte long PSK identity
(the maximum supported length) from psk_client_callback.

tls_fallback_scsv.patch

Adds the signalling cipher suite value (SCSV) from
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00