Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE | 3 | _______________ |
651d0aff RE | 4 | |
a7304e4b DSH | 5 | Changes between 1.0.1f and 1.0.1g [xx XXX xxxx] |
a7304e4b DSH | 6 | |
4a55631e DSH | 7 | *) TLS pad extension: draft-agl-tls-padding-02 |
4a55631e DSH | 8 | |
4a55631e DSH | 9 | Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the |
4a55631e DSH | 10 | TLS client Hello record length value would otherwise be > 255 and |
4a55631e DSH | 11 | less than 512 pad with a dummy extension containing zeroes so it |
4a55631e DSH | 12 | is at least 512 bytes long. |
4a55631e DSH | 13 | |
4a55631e DSH | 14 | To enable it use an unused extension number (for example chrome uses |
4a55631e DSH | 15 | 35655) using: |
4a55631e DSH | 16 | |
4a55631e DSH | 17 | e.g. -DTLSEXT_TYPE_padding=35655 |
4a55631e DSH | 18 | |
4a55631e DSH | 19 | Since the extension is ignored the actual number doesn't matter as long |
4a55631e DSH | 20 | as it doesn't clash with any existing extension. |
4a55631e DSH | 21 | |
4a55631e DSH | 22 | This will be updated when the extension gets an official number. |
4a55631e DSH | 23 | |
4a55631e DSH | 24 | [Adam Langley, Steve Henson] |
a7304e4b | 25 | |
0d877634 | 26 | Changes between 1.0.1e and 1.0.1f [6 Jan 2014] |
3151e328 | 27 | |
197e0ea8 DSH | 28 | *) Fix for TLS record tampering bug. A carefully crafted invalid |
197e0ea8 DSH | 29 | handshake could crash OpenSSL with a NULL pointer exception. |
197e0ea8 DSH | 30 | Thanks to Anton Johansson for reporting this issue. |
197e0ea8 DSH | 31 | (CVE-2013-4353) |
197e0ea8 DSH | 32 | |
34628967 DSH | 33 | *) Keep original DTLS digest and encryption contexts in retransmission |
34628967 DSH | 34 | structures so we can use the previous session parameters if they need |
34628967 DSH | 35 | to be resent. (CVE-2013-6450) |
34628967 DSH | 36 | [Steve Henson] |
34628967 DSH | 37 | |
13bca90a RS | 38 | *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which |
13bca90a RS | 39 | avoids preferring ECDHE-ECDSA ciphers when the client appears to be |
13bca90a RS | 40 | Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for |
13bca90a RS | 41 | several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug |
13bca90a RS | 42 | is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing |
13bca90a RS | 43 | 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. |
13bca90a RS | 44 | [Rob Stradling, Adam Langley] |
3151e328 | 45 | |
f66db68e | 46 | Changes between 1.0.1d and 1.0.1e [11 Feb 2013] |
41cf07f0 | 47 | |
625a5532 DSH | 48 | *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI |
625a5532 DSH | 49 | supporting platforms or when small records were transferred. |
625a5532 DSH | 50 | [Andy Polyakov, Steve Henson] |
41cf07f0 | 51 | |
df0d9356 | 52 | Changes between 1.0.1c and 1.0.1d [5 Feb 2013] |
d9c34505 | 53 | |
df0d9356 | 54 | *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. |
f1ca56a6 DSH | 55 | |
f1ca56a6 DSH | 56 | This addresses the flaw in CBC record processing discovered by |
f1ca56a6 DSH | 57 | Nadhem Alfardan and Kenny Paterson. Details of this attack can be found |
f1ca56a6 DSH | 58 | at: http://www.isg.rhul.ac.uk/tls/ |
f1ca56a6 DSH | 59 | |
f1ca56a6 DSH | 60 | Thanks go to Nadhem Alfardan and Kenny Paterson of the Information |
f1ca56a6 DSH | 61 | Security Group at Royal Holloway, University of London |
f1ca56a6 DSH | 62 | (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and |
f1ca56a6 DSH | 63 | |
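The padding rule in the 1.0.1g entry (lines 9 to 12 of the blamed file) is concrete enough to work through: a ClientHello whose record would be longer than 255 and shorter than 512 bytes gets a dummy extension of zero bytes appended so the record is at least 512 bytes long. The script below is an added illustration written for this page; it is not OpenSSL's implementation. It builds a minimal constructed ClientHello, measures the record length it would produce (5-byte record header plus the handshake message), appends the padding extension when the length falls in the window, and parses the result back to confirm the extension carries only zeroes. It uses the extension number 35655 quoted in the entry, and two details are my own choices rather than anything the entry states: the 4-byte extension header is counted towards the 512-byte target (so a record of 510 bytes gets a zero-length padding extension and ends up at 514), and the constructed server_name extension exists only to vary the message size.

```python
import struct

# Extension number quoted in the CHANGES entry ("chrome uses 35655"); the peer
# ignores it, which is why the entry says any unused number works.
TLSEXT_TYPE_PADDING = 35655
RECORD_HEADER_LEN = 5          # TLS record header: type(1) version(2) length(2)
PAD_LOW, PAD_HIGH = 255, 512   # pad when the record length would be > 255 and < 512


def padding_extension(record_len: int) -> bytes:
    """Dummy padding extension (type, length, zero bytes) that lifts a ClientHello
    record of record_len bytes to at least 512 bytes, or b"" outside the window.
    Counting the 4-byte extension header towards the target is this example's
    choice; the entry only states the rule, not the bookkeeping."""
    if not (PAD_LOW < record_len < PAD_HIGH):
        return b""
    body = PAD_HIGH - record_len
    body = body - 4 if body >= 4 else 0
    return struct.pack("!HH", TLSEXT_TYPE_PADDING, body) + bytes(body)


def sni_extension(hostname: str) -> bytes:
    """Constructed server_name extension, used here only to vary the hello size."""
    host = hostname.encode("ascii")
    name = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
    lst = struct.pack("!H", len(name)) + name
    return struct.pack("!HH", 0, len(lst)) + lst


def build_client_hello(extensions: bytes) -> bytes:
    """Minimal constructed ClientHello handshake message: TLS 1.2 version, zero
    random, empty session id, one cipher suite, null compression, extensions."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, session_id
            + b"\x00\x02\xc0\x2f"                   # one cipher suite
            + b"\x01\x00"                           # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    return b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 + 24-bit length


def record_length(hello: bytes) -> int:
    """Length of the TLS record that would carry this handshake message."""
    return RECORD_HEADER_LEN + len(hello)


def pad_client_hello(extensions: bytes) -> bytes:
    """Build the ClientHello and, if its record would land in the 256..511 window,
    rebuild it with the padding extension appended so all length fields agree."""
    hello = build_client_hello(extensions)
    pad = padding_extension(record_length(hello))
    return build_client_hello(extensions + pad) if pad else hello


def parse_extensions(hello: bytes) -> list:
    """Walk a ClientHello from build_client_hello() and return [(type, data), ...]."""
    body = hello[4:]
    pos = 2 + 32                          # version + random
    pos += 1 + body[pos]                  # session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2 + cs_len                     # cipher_suites
    pos += 1 + body[pos]                  # compression_methods
    (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    end = pos + ext_len
    out = []
    while pos < end:
        ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        out.append((ext_type, body[pos:pos + length]))
        pos += length
    return out


if __name__ == "__main__":
    # Constructed hostnames chosen to land below, inside and at the top of the window.
    for host in ("example.test", "a" * 244, "b" * 449):
        hello = pad_client_hello(sni_extension(host))
        print(len(host), record_length(hello), [t for t, _ in parse_extensions(hello)])
```

The interesting inputs are the edges: a hello whose record is 305 bytes gains a 207-byte extension and lands exactly on 512, one at 510 bytes cannot fit a body at all and still gets the 4-byte header (514 total), and anything at or below 255 or at or above 512 is left untouched, which is what makes the workaround invisible to peers outside the window.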