Add newsfragment
CoolCat467 committed Sep 29, 2024
1 parent c91eef4 commit 332f111
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions newsfragments/3097.removal.rst
@@ -0,0 +1,11 @@
Some old versions of OpenSSL have a bug with memory BIOs, where DTLSv1_listen consumes the ClientHello out of the BIO,
but then do_handshake expects the ClientHello to still be in there (but not the one that ships with Ubuntu 20.04). In
particular, this is known to affect the OpenSSL v1.1.1 that ships with Ubuntu 18.04. To work around this, we used to deliver a
second copy of the ClientHello after DTLSv1_listen has completed. This was safe to do unconditionally, because on newer
versions of OpenSSL, the second ClientHello is treated as a duplicate packet, which is a normal thing that can happen
over UDP. For more details, see:

https://github.com/pyca/pyopenssl/blob/e84e7b57d1838de70ab7a27089fbee78ce0d2106/tests/test_ssl.py#L4226-L4293

This was fixed in v1.1.1a, and all later versions. So now we should be able to delete this. The fix landed in
OpenSSL master as 079ef6bd534d2, and then was backported to the 1.1.1 branch as d1bfd8076e28.
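
Review bot: the closing paragraph ("So now we should be able to delete this") reads as a note to maintainers rather than a release-note entry, and nowhere does this removal fragment state the user-visible change: that the workaround of delivering a second copy of the ClientHello after DTLSv1_listen is no longer applied, so OpenSSL 1.1.1 builds older than v1.1.1a (the Ubuntu 18.04 one named in the first paragraph) are no longer worked around. Suggest opening with one sentence saying that in past tense and keeping the background after it. In the first sentence, the parenthetical "(but not the one that ships with Ubuntu 20.04)" sits after the do_handshake clause although it qualifies "Some old versions of OpenSSL"; move it next to that phrase or drop it. Since this is an .rst file, DTLSv1_listen and do_handshake should be wrapped in double backticks so they render as literals.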
