Commit 332f111

Add newsfragment
1 parent c91eef4 commit 332f111

1 file changed

+11
-0
lines changed

newsfragments/3097.removal.rst

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
Some old versions of OpenSSL have a bug with memory BIOs, where DTLSv1_listen consumes the ClientHello out of the BIO,
2+
but then do_handshake expects the ClientHello to still be in there (but not the one that ships with Ubuntu 20.04). In
3+
particular, this is known to affect the OpenSSL v1.1.1 that ships with Ubuntu 18.04. To work around this, we used to deliver a
4+
second copy of the ClientHello after DTLSv1_listen has completed. This was safe to do unconditionally, because on newer
5+
versions of OpenSSL, the second ClientHello is treated as a duplicate packet, which is a normal thing that can happen
6+
over UDP. For more details, see:
7+
8+
https://github.com/pyca/pyopenssl/blob/e84e7b57d1838de70ab7a27089fbee78ce0d2106/tests/test_ssl.py#L4226-L4293
9+
10+
This was fixed in v1.1.1a, and all later versions. So now we should be able to delete this. The fix landed in
11+
OpenSSL master as 079ef6bd534d2, and then was backported to the 1.1.1 branch as d1bfd8076e28.
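
Review bot: The closing statement on line 10, "So now we should be able to delete this", never says what was removed or who is affected, which is the one thing a reader of a `.removal` fragment needs. State it as a completed change (the second ClientHello is no longer delivered after DTLSv1_listen) and say explicitly that DTLS over memory BIOs on the unpatched OpenSSL v1.1.1 named on line 3, the Ubuntu 18.04 build, is presumably exposed to the original handshake bug again unless it is upgraded to v1.1.1a or later. The parenthetical on line 2, "(but not the one that ships with Ubuntu 20.04)", is attached to the do_handshake clause but qualifies "Some old versions of OpenSSL" on line 1, so it should move there. DTLSv1_listen and do_handshake would also read better as reStructuredText literals so they render as code in the release notes.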
