| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.2l.
(cherry picked from commit ffd1bb8c599181e0733f8e00d8d8198b4ea6a73b)
|
| |
|
|
| |
Merge OpenSSL 1.0.2k.
|
| |
|
|
| |
Merge OpenSSL 1.0.2u.
|
| |\
| |
| |
| | |
Relnotes: yes
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| | | |
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Approved by: so (delphij), benl (silence)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
|
| |\ \
| |/
| |
| | |
Approved by: secteam (simon), benl (silence)
|
| |\ \
| |/
| |
| | |
Approved by: benl (maintainer)
|
| | |
| |
| |
| |
| |
| | |
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
|
| |\ \
| |/
| |
| | |
Approved by: re
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
support for AES and OpenBSD's hardware crypto.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|
|
infringement reasons.
|
