Release Notes

ManualsBrandsDell ManualsBSAFEBSAFE Micro Edition Suite

22 Known Issues

RSA BSAFE Micro Edition Suite 4.4 Release Notes

BSFMES-1371 A signed data Cryptographic Message Syntax (CMS) message can be

created with detached content data that is a streamed CMS message.

It might not be possible to verify the signature on the signed data

message in a non-streaming context.

Workaround:

A signed data CMS message with detached streaming data can be

verified using a CMS BIO with a verification context. For a sample

program demonstrating this functionality, see Sample Programs >

Cryptographic Message Syntax Operations > Streaming

Interface > Verify Signed Data Messages using Streaming in the

RSA BSAFE Micro Edition Suite Developers Guide.

BSFMES-1370 R_CERT_INFO_ISSUER_UNIQUE_ID includes different information

for public key certificates and attribute certificates. For a public key

certificate, includes the leading byte (indicating the number of unused

bits), but for an attribute certificate does not include the leading byte.

BSFMES-1362 TLS Hello message parsing must check extension data before setting

handshake properties.

BSFMES-1361 The TLS server cannot optionally refuse to process the SNI TLS

extension.

BSFMES-1294

SSL BIO does not process TLS errors that indicate TLS extension

processing is needed.

BSFMES-1291 R_SSL_want_proc_ext() refers to a field in a non-public data

structure and will not work in an application.

BSFMES-1290 The OCSP code should check the nextUpdate time before returning

when the certificate was already checked.

BSFMES-1286 TLS OCSP Certificate Status Request does not inter-operate with

OpenSSL.

BSFMES-1133 External SSL cache size is incorrectly limited by the internal cache

size.

BSFMES-1084

R_PKCS12_get_info()

with

R_PKCS12_INFO_ID_MAC_ITERATION_COUNT

does not work after

the PKCS #12 message was decoded using

R_PKCS12_decode()

BSFMES-1078

Calling the deprecated function R_CM_get_info() with

R_CM_INFO_SIGNER_ATTR does not retrieve the attribute data. The

attribute data should be retrieved using the OID.

BSFMES-1072 A client performing client authentication with TLS 1.2 might

incorrectly select or exclude some signature algorithms when used

with PKCS #11, or where the digest size is close to the key size.

BSFMES-1063

R_SSL_SESSION_print() does not print details of the Suite B status

of a connection.

Table 5 Known Issues (continued)

ID Description