openwrtv4/package
Jo-Philipp Wich a28deda590 openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)
OpenVPN assumes that its control channel messages are sent and received
unfragmented; this assumption is broken when CBC record splitting is
enabled in mbedTLS.

The record splitting is intended as a countermeasure against BEAST attacks,
which do not apply to OpenVPN; therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.

Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.

References:

 * https://dev.openwrt.org/ticket/19101
 * https://community.openvpn.net/openvpn/ticket/524
 * https://github.com/ARMmbed/mbedtls/pull/185

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45602
2015-05-04 08:49:21 +00:00
base-files base-files: fix logic error in led default handling (patch from #19593) 2015-05-03 18:04:27 +00:00
boot mvebu: add support for the Linksys Caiman and Cobra 2015-04-16 09:54:39 +00:00
devel binutils/oprofile: disable mips16 to fix build errors (#19522) 2015-04-20 15:01:21 +00:00
firmware kernel: add staging r8188eu module (3.13) 2014-04-30 21:53:29 +00:00
kernel netsupport: package L2TPv3 over IPv6 as well 2015-05-02 07:44:47 +00:00
libs nettle: bump to 3.1.1 2015-05-03 11:19:42 +00:00
network openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101) 2015-05-04 08:49:21 +00:00
system Removed reference to imaginary procd_add_interface_reload in procd.sh 2015-04-18 10:19:02 +00:00
utils Revert "nvram: increase NVRAM size to 64 KiB" 2015-04-24 15:38:38 +00:00
Makefile build: add integration for managing opkg package feed keys 2015-04-06 19:39:51 +00:00