Skip to content
  1. Nov 30, 2015
  2. Nov 24, 2015
  3. Nov 23, 2015
  4. Nov 22, 2015
  5. Nov 21, 2015
  6. Nov 20, 2015
  7. Nov 19, 2015
  8. Nov 18, 2015
  9. Nov 16, 2015
  10. Nov 13, 2015
  11. Nov 11, 2015
  12. Nov 10, 2015
    • Matt Caswell's avatar
      Stop DTLS servers asking for unsafe legacy renegotiation · d40ec4ab
      Matt Caswell authored
      
      
      If a DTLS client that does not support secure renegotiation connects to an
      OpenSSL DTLS server then, by default, renegotiation is disabled. If a
      server application attempts to initiate a renegotiation then OpenSSL is
      supposed to prevent this. However due to a discrepancy between the TLS and
      DTLS code, the server sends a HelloRequest anyway in DTLS.
      
      This is not a security concern because the handshake will still fail later
      in the process when the client responds with a ClientHello.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      d40ec4ab
    • Matt Caswell's avatar
      Only call ssl3_init_finished_mac once for DTLS · 15a7164e
      Matt Caswell authored
      
      
      In DTLS if an IO retry occurs during writing of a fragmented ClientHello
      then we can end up reseting the finish mac variables on the retry, which
      causes a handshake failure. We should only reset on the first attempt not
      on retries.
      
      Thanks to BoringSSL for reporting this issue.
      
      RT#4119
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      15a7164e
  13. Nov 09, 2015
  14. Nov 08, 2015
  15. Nov 04, 2015
  16. Nov 02, 2015
  17. Nov 01, 2015
  18. Oct 29, 2015
  19. Oct 23, 2015
  20. Oct 22, 2015