Add 1/n-1 record splitting

2015-01-07 12:39:44 +01:00 · 2015-01-07 12:39:44 +01:00 · d76314c44c
commit d76314c44c
parent edd371a82c
4 changed files with 64 additions and 0 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -821,6 +821,18 @@
 */
 //#define POLARSSL_SSL_HW_RECORD_ACCEL

+/**
+ * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING
+
 /**
 * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 *