Jun 11, 2004
- Enabled SSL_RSA_WITH_3DES_EDE_CBC_SHA by default. The footprint remains the same, since 3DES was already included with the USE_ENCRYPTED_PRIVATE_KEYS define. Note that this is the preferred cipher for many SSL clients, so by enabling this cipher, communications will default to a stronger, but slower cipher.
Bug fixes and optimizations
- Safer memory usage for RSA blinding function. Code was already safe for 1024 and 2048 bit keys, but this ensures the safety.
- Properly compare the time in the session cache to ensure the oldest unused session is replaced first. Previously the oldest session may not have been chosen, and a newer one replaced instead.
- Fixed a null-termination error in a static buffer that caused a crash on some platforms using encrypted private keys.
- Improved example code handling of return codes of sslRead(). Clarified that a 0 return code may indicate either a successful parse of a record with no application data, or an EOF. Previously both cases were treated as EOF, which fits the examples, but isn't as useful for other applications.