mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-30 00:00:16 +01:00
ddb94d4e27
Although RSA can be used directly for signing / JWS on large chunks of data since it's only operating on the hash, when JWE support arrives, which allows bulk encryption, it's going to be mandatory to support secondary AES ciphers to use on the bulk data. This adds generic support for all AES modes that OpenSSL and mbedTLS have in common, works on both mbedTLS and OpenSSL the same, and adds unit tests for each mode in api-test-gencrypto, to run in CI. |
||
|---|---|---|
| .. | ||
| mainpage.md | ||
| README.build.md | ||
| README.ci.md | ||
| README.coding.md | ||
| README.content-security-policy.md | ||
| README.contributing.md | ||
| README.crypto-apis.md | ||
| README.esp32.md | ||
| README.generic-sessions.md | ||
| README.generic-table.md | ||
| README.http-fallback.md | ||
| README.lwsws.md | ||
| README.plugin-acme.md | ||
| README.plugin-sshd-base.md | ||
| README.problems.md | ||
| README.release-policy.md | ||
| README.test-apps.md | ||
| README.unix-domain-reverse-proxy.md | ||
| README.vulnerability-reporting.md | ||
| release-checklist | ||
Vulnerability Reporting
If you become aware of an issue with lws that has a security
dimension for users, please contact andy@warmcat.com by
direct email.
Procedure for announcing vulnerability fixes
The problem and fixed versions will be announced on the libwebsockets mailing list and a note added to the master README.md.