Merge support for 1/n-1 record splitting

2025-12-22 05:46:41 +01:00 · 2015-01-13 16:31:34 +01:00 · 2015-01-13 16:31:34 +01:00 · f3561154ff
commit f3561154ff
parent f6080b8557 3ff78239fe
7 changed files with 185 additions and 5 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -886,6 +886,18 @@
 */
 //#define POLARSSL_SSL_HW_RECORD_ACCEL

+/**
+ * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING
+
 /**
 * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
 *