Only enable KTLS if it is explicitly configured - openssl

diff options

author	Matt Caswell <matt@openssl.org>	2021-04-07 17:53:28 +0200
committer	Matt Caswell <matt@openssl.org>	2021-04-12 12:32:05 +0200
commit	a3a54179b6754fbed6d88e434baac710a83aaf80 (patch)
tree	91364237de70c506616c3c92dabf0f5cf9267147 /test/http_test.c
parent	Always reset IV for CBC, OFB, and CFB mode on cipher context reinit (diff)
download	openssl-a3a54179b6754fbed6d88e434baac710a83aaf80.tar.xz openssl-a3a54179b6754fbed6d88e434baac710a83aaf80.zip

Only enable KTLS if it is explicitly configured

It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specifically configured not to. This is problematic because it avoids any crypto implementations from providers. A user who configures all crypto to use the FIPS provider may unexpectedly find that TLS related crypto is actually being performed outside of the FIPS boundary. Instead we change KTLS so that it is disabled by default. We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and SSL_MODE_NO_KTLS_TX). Fixes #13794 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14799)

Diffstat (limited to 'test/http_test.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: