From bcc007270e90ed453576fe3cc145c48e529d9bda Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 12 Feb 2013 00:39:28 +0000 Subject: [PATCH] Document recent OpenSSL brokenness, update GnuTLS/DTLS info Signed-off-by: David Woodhouse --- www/technical.xml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/www/technical.xml b/www/technical.xml index 644e095d..89ee1c8c 100644 --- a/www/technical.xml +++ b/www/technical.xml @@ -39,9 +39,11 @@ implementation of DTLS.

Compatibility support for their "speshul" version of the protocol is in the 0.9.8m and later releases of OpenSSL (and 1.0.0-beta2 and later).

+

NOTE: OpenSSL 1.0.0k, 1.0.1d and 1.0.1e have introduced bugs which +break this compatibility. See the thread on the mailing list, which has patches for each.

-

If you are using an older version of OpenSSL, DTLS will -only work if you apply this patch from OpenSSL CVS:

+

If you are using an older version of OpenSSL which predates the +compatibility, you will need to apply this patch from OpenSSL CVS:
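
Review bot: The added NOTE names OpenSSL 1.0.0k, 1.0.1d and 1.0.1e as breaking the compatibility but gives neither the symptom nor a fixed release, so a reader on any other version cannot tell whether they are affected. Say what fails (presumably the DTLS connection, as in the paragraph this replaces) and state that the patches in the referenced thread are needed until a fixed OpenSSL release exists. In the second added paragraph, "which predates the compatibility" is vaguer than the context line above it. Repeat the bound there, for example "older than 0.9.8m or 1.0.0-beta2", so the paragraph stands on its own. The removed wording "DTLS will only work if" also told the reader the consequence of skipping the patch, which the new wording drops.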

@@ -55,12 +57,7 @@ The username/password for OpenSSL RT is 'guest/guest'

GnuTLS

-

Support for Cisco's version of DTLS was included in GnuTLS in June 2012, in - -commit fd5ca1af which will be part of GnuTLS 3.1.

- -

The same patch will hopefully also be applied to the GnuTLS 3.0.x release branch -for 3.0.21, or it can be applied manually from here.

+

Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.
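
Review bot: The replacement line in the GnuTLS section drops the reference to commit fd5ca1af and the mention of GnuTLS 3.1, leaving only "from 3.0.21 onwards". Anyone backporting to an older 3.0.x build, or checking whether a distribution package carries the change, loses the pointer to the actual commit. Consider keeping it, for example "from 3.0.21 onwards (commit fd5ca1af)". The removed text described inclusion in 3.0.21 as something that would "hopefully" happen, while the new text states it as fact. The commit message should note that this was confirmed against the 3.0.21 release.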

-- 2.50.1