diff options
| author | Rajeev Ranjan <ranjan.rajeev@siemens.com> | 2023-12-01 12:47:07 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-05-14 15:39:15 +0200 |
| commit | b6a5e801679663c13875cf6e18f475f8700d72a9 (patch) | |
| tree | 437ddfdbc1fbcf49974cc2daa89bfeadd68876ae /INSTALL.md | |
| parent | cipher_null.c: add NULL check (diff) | |
| download | openssl-b6a5e801679663c13875cf6e18f475f8700d72a9.tar.xz openssl-b6a5e801679663c13875cf6e18f475f8700d72a9.zip | |
Add support for integrity-only cipher suites for TLS v1.3
- add test vectors for tls1_3 integrity-only ciphers
- recmethod_local.h: add new member for MAC
- tls13_meth.c: add MAC only to tls 1.3
- tls13_enc.c: extend function to add MAC only
- ssl_local.h: add ssl_cipher_get_evp_md_mac()
- s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
- ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it
- tls13secretstest.c: add dummy test function
- Configure: add integrity-only-ciphers option
- document the new ciphers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22903)
Diffstat (limited to 'INSTALL.md')
| -rw-r--r-- | INSTALL.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/INSTALL.md b/INSTALL.md index a34de9bbf8..6073979bc0 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1117,6 +1117,10 @@ synonymous with `no-ssl3`. Note this only affects version negotiation. OpenSSL will still provide the methods for applications to explicitly select the individual protocol versions. +### no-integrity-only-ciphers + +Don't build support for integrity only ciphers in tls. + ### no-{protocol}-method no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method |