Loading CHANGES +184 −16 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the difference in days and seconds between two tm or ASN1_TIME structures. Loading Loading @@ -58,7 +58,7 @@ [Steve Henson] *) New ctrl and macro to retrieve supported points extensions. Print out extension in s_server. Print out extension in s_server and s_client. [Steve Henson] *) New functions to retrieve certificate signature and signature Loading Loading @@ -189,16 +189,10 @@ platform support for Linux and Android. [Andy Polyakov] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change current certificate to the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. [Rob Stradling <rob.stradling@comodo.com>] *) Support for linux-x32, ILP32 environment in x86_64 framework. [Andy Polyakov] *) RFC 5878 support. *) RFC 5878 (TLS Authorization Extensions) support. [Emilia Kasper, Adam Langley, Ben Laurie (Google)] *) Experimental multi-implementation support for FIPS capable OpenSSL. Loading Loading @@ -256,11 +250,48 @@ certificates. [Steve Henson] Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] Changes between 1.0.1d and 1.0.1e [11 Feb 2013] *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI supporting platforms or when small records were transferred. [Andy Polyakov, Steve Henson] Changes between 1.0.1c and 1.0.1d [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and Emilia Käsper for the initial patch. (CVE-2013-0169) [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. Thanks go to and to Adam Langley <agl@chromium.org> for discovering and detecting this bug and to Wolfgang Ettlinger <wolfgang.ettlinger@gmail.com> for independently discovering this issue. (CVE-2012-2686) [Adam Langley] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Make openssl verify return errors. [Chris Palmer <palmer@google.com> and Ben Laurie] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. [Rob Stradling <rob.stradling@comodo.com>] *) Fix possible deadlock when decoding public keys. [Steve Henson] Loading @@ -271,7 +302,7 @@ Changes between 1.0.1b and 1.0.1c [10 May 2012] *) Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to avoid DoS attack. 1.2, 1.1 and DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. Loading Loading @@ -324,7 +355,7 @@ [Adam Langley] *) Workarounds for some broken servers that "hang" if a client hello record length exceeds 255 bytes: record length exceeds 255 bytes. 1. Do not use record version number > TLS 1.0 in initial client hello: some (but not all) hanging servers will now work. Loading Loading @@ -623,6 +654,63 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0j and 1.0.0k [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and Emilia Käsper for the initial patch. (CVE-2013-0169) [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. (This is a backport) [Rob Stradling <rob.stradling@comodo.com>] *) Fix possible deadlock when decoding public keys. [Steve Henson] Changes between 1.0.0i and 1.0.0j [10 May 2012] [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after OpenSSL 1.0.1.] *) Sanity check record length before skipping explicit IV in DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) [Steve Henson] *) Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue. [Steve Henson] Changes between 1.0.0h and 1.0.0i [19 Apr 2012] *) Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) [Adam Langley (Google), Tavis Ormandy, Google Security Team] Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness Loading Loading @@ -1613,6 +1701,86 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8x and 0.9.8y [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and Emilia Käsper for the initial patch. (CVE-2013-0169) [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. (This is a backport) [Rob Stradling <rob.stradling@comodo.com>] *) Fix possible deadlock when decoding public keys. [Steve Henson] Changes between 0.9.8w and 0.9.8x [10 May 2012] *) Sanity check record length before skipping explicit IV in DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) [Steve Henson] *) Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue. [Steve Henson] Changes between 0.9.8v and 0.9.8w [23 Apr 2012] *) The fix for CVE-2012-2110 did not take into account that the 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. (CVE-2012-2131) [Tomas Hoger <thoger@redhat.com>] Changes between 0.9.8u and 0.9.8v [19 Apr 2012] *) Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) [Adam Langley (Google), Tavis Ormandy, Google Security Team] Changes between 0.9.8t and 0.9.8u [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The old behaviour can be reenabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. [Steve Henson] Changes between 0.9.8s and 0.9.8t [18 Jan 2012] *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Loading NEWS +77 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,35 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: o Corrected fix for CVE-2013-0169 Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix for TLS AESNI record handling flaw CVE-2012-2686 Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: o Fix TLS/DTLS record length checking bug CVE-2012-2333 o Don't attempt to use non-FIPS composite ciphers in FIPS mode. Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: o Fix compilation error on non-x86 platforms. o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: o Fix for ASN1 overflow bug CVE-2012-2110 o Workarounds for some servers that hang on long client hellos. o Fix SEGV in AES code. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. Loading @@ -18,6 +47,19 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading Loading @@ -90,6 +132,41 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: o Fix for DTLS DoS issue CVE-2012-0050 Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: o Fix for security issue CVE-2011-0014 Loading Loading
CHANGES +184 −16 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the difference in days and seconds between two tm or ASN1_TIME structures. Loading Loading @@ -58,7 +58,7 @@ [Steve Henson] *) New ctrl and macro to retrieve supported points extensions. Print out extension in s_server. Print out extension in s_server and s_client. [Steve Henson] *) New functions to retrieve certificate signature and signature Loading Loading @@ -189,16 +189,10 @@ platform support for Linux and Android. [Andy Polyakov] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change current certificate to the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. [Rob Stradling <rob.stradling@comodo.com>] *) Support for linux-x32, ILP32 environment in x86_64 framework. [Andy Polyakov] *) RFC 5878 support. *) RFC 5878 (TLS Authorization Extensions) support. [Emilia Kasper, Adam Langley, Ben Laurie (Google)] *) Experimental multi-implementation support for FIPS capable OpenSSL. Loading Loading @@ -256,11 +250,48 @@ certificates. [Steve Henson] Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] Changes between 1.0.1d and 1.0.1e [11 Feb 2013] *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI supporting platforms or when small records were transferred. [Andy Polyakov, Steve Henson] Changes between 1.0.1c and 1.0.1d [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and Emilia Käsper for the initial patch. (CVE-2013-0169) [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. Thanks go to and to Adam Langley <agl@chromium.org> for discovering and detecting this bug and to Wolfgang Ettlinger <wolfgang.ettlinger@gmail.com> for independently discovering this issue. (CVE-2012-2686) [Adam Langley] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Make openssl verify return errors. [Chris Palmer <palmer@google.com> and Ben Laurie] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. [Rob Stradling <rob.stradling@comodo.com>] *) Fix possible deadlock when decoding public keys. [Steve Henson] Loading @@ -271,7 +302,7 @@ Changes between 1.0.1b and 1.0.1c [10 May 2012] *) Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to avoid DoS attack. 1.2, 1.1 and DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. Loading Loading @@ -324,7 +355,7 @@ [Adam Langley] *) Workarounds for some broken servers that "hang" if a client hello record length exceeds 255 bytes: record length exceeds 255 bytes. 1. Do not use record version number > TLS 1.0 in initial client hello: some (but not all) hanging servers will now work. Loading Loading @@ -623,6 +654,63 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0j and 1.0.0k [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and Emilia Käsper for the initial patch. (CVE-2013-0169) [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. (This is a backport) [Rob Stradling <rob.stradling@comodo.com>] *) Fix possible deadlock when decoding public keys. [Steve Henson] Changes between 1.0.0i and 1.0.0j [10 May 2012] [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after OpenSSL 1.0.1.] *) Sanity check record length before skipping explicit IV in DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) [Steve Henson] *) Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue. [Steve Henson] Changes between 1.0.0h and 1.0.0i [19 Apr 2012] *) Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) [Adam Langley (Google), Tavis Ormandy, Google Security Team] Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness Loading Loading @@ -1613,6 +1701,86 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8x and 0.9.8y [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and Emilia Käsper for the initial patch. (CVE-2013-0169) [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. (This is a backport) [Rob Stradling <rob.stradling@comodo.com>] *) Fix possible deadlock when decoding public keys. [Steve Henson] Changes between 0.9.8w and 0.9.8x [10 May 2012] *) Sanity check record length before skipping explicit IV in DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) [Steve Henson] *) Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue. [Steve Henson] Changes between 0.9.8v and 0.9.8w [23 Apr 2012] *) The fix for CVE-2012-2110 did not take into account that the 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. (CVE-2012-2131) [Tomas Hoger <thoger@redhat.com>] Changes between 0.9.8u and 0.9.8v [19 Apr 2012] *) Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) [Adam Langley (Google), Tavis Ormandy, Google Security Team] Changes between 0.9.8t and 0.9.8u [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The old behaviour can be reenabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. [Steve Henson] Changes between 0.9.8s and 0.9.8t [18 Jan 2012] *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Loading
NEWS +77 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,35 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: o Corrected fix for CVE-2013-0169 Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix for TLS AESNI record handling flaw CVE-2012-2686 Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: o Fix TLS/DTLS record length checking bug CVE-2012-2333 o Don't attempt to use non-FIPS composite ciphers in FIPS mode. Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: o Fix compilation error on non-x86 platforms. o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: o Fix for ASN1 overflow bug CVE-2012-2110 o Workarounds for some servers that hang on long client hellos. o Fix SEGV in AES code. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. Loading @@ -18,6 +47,19 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading Loading @@ -90,6 +132,41 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: o Fix for DTLS DoS issue CVE-2012-0050 Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: o Fix for security issue CVE-2011-0014 Loading
