Skip to content
  1. Jan 18, 2012
    • Yang Tse's avatar
      OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled · a20daf90
      Yang Tse authored
      SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull
      interoperability with web server Netscape Enterprise Server 2.0.1 released
      back in 1996 more than 15 years ago.
      
      Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
      become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
      CVE-2010-4180 when using previous OpenSSL versions we no longer enable
      this option regardless of OpenSSL version and SSL_OP_ALL definition.
      a20daf90
  2. Jan 17, 2012
  3. Jan 16, 2012
  4. Jan 15, 2012
  5. Jan 14, 2012
  6. Jan 13, 2012
  7. Jan 12, 2012
  8. Jan 09, 2012
  9. Jan 08, 2012
  10. Jan 06, 2012
  11. Jan 05, 2012
  12. Jan 04, 2012
  13. Jan 03, 2012
  14. Jan 02, 2012