| Commit message (Collapse) | Author | Age | Files | Lines |
Don't allow too many consecutive warning alerts
Certain warning alerts are ignored if they are received. This can mean that
no progress will be made if one peer continually sends those warning alerts.
Implement a count so that we abort the connection if we receive too many.
Issue reported by Shi Lei.
This is a direct commit to stable/10 and stable/9.
Security: CVE-2016-8610

Relnotes: yes

Merge OpenSSL 1.0.1n.

Merge OpenSSL 1.0.1m.
Relnotes: yes

Merge OpenSSL 1.0.1k.

Merge OpenSSL 1.0.1i.

Merge OpenSSL 1.0.1f and 1.0.1g.

Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
        previous session so keep a copy of write context in DTLS
        retransmission buffers instead of replacing it after
        sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
        algorithms use the version number in the corresponding
        SSL_METHOD structure instead of the SSL structure. The
        SSL structure version is sometimes inaccurate.
        Note: OpenSSL 1.0.2 and later effectively do this already.
        (CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450

Approved by: secteam (simon), benl (silence)

Approved by: benl (maintainer)

Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days

This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks

Approved by: re

support for AES and OpenBSD's hardware crypto.

infringement reasons.