Loading CHANGES +1 −17 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 1.0.1j and 1.0.2 [xx XXX xxxx] Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] *) SRTP Memory Leak. Loading Loading @@ -43,22 +43,6 @@ (CVE-2014-3566) [Adam Langley, Bodo Moeller] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. [Emilia Käsper] *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] Loading Loading
CHANGES +1 −17 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 1.0.1j and 1.0.2 [xx XXX xxxx] Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] *) SRTP Memory Leak. Loading Loading @@ -43,22 +43,6 @@ (CVE-2014-3566) [Adam Langley, Bodo Moeller] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. [Emilia Käsper] *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] Loading
Matt Caswell <matt@openssl.org> (cherry picked from commit 31832e8f) Conflicts: CHANGES