summaryrefslogtreecommitdiff
path: root/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: update to version 2.3.10Felix Fietkau2016-01-111-14/+0
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48201
* openvpn: bump to 2.3.7.Felix Fietkau2015-06-181-4/+2
| | | | | | | | Two patches are dropped as they were already applied upstream. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 46027
* openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)Jo-Philipp Wich2015-05-041-0/+16
OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45602
generated by cgit v1.1 at 2024-08-16 22:22:27 +0000