diff options
Diffstat (limited to 'crypto/openssl/CHANGES')
-rw-r--r-- | crypto/openssl/CHANGES | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index d920954..b84ff94 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,30 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1q and 1.0.1r [28 Jan 2016] + + *) Protection for DH small subgroup attacks + + As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been + switched on by default and cannot be disabled. This could have some + performance impact. + [Matt Caswell] + + *) SSLv2 doesn't block disabled ciphers + + A malicious client can negotiate SSLv2 ciphers that have been disabled on + the server and complete SSLv2 handshakes even if all SSLv2 ciphers have + been disabled, provided that the SSLv2 protocol was not also disabled via + SSL_OP_NO_SSLv2. + + This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram + and Sebastian Schinzel. + (CVE-2015-3197) + [Viktor Dukhovni] + + *) Reject DH handshakes with parameters shorter than 1024 bits. + [Kurt Roeckx] + Changes between 1.0.1p and 1.0.1q [3 Dec 2015] *) Certificate verify crash with missing PSS parameter |