Skip to content
  1. Dec 28, 2014
  2. Dec 25, 2014
  3. Dec 22, 2014
  4. Dec 20, 2014
  5. Dec 18, 2014
  6. Dec 17, 2014
  7. Dec 08, 2014
  8. Dec 04, 2014
  9. Nov 20, 2014
  10. Oct 28, 2014
    • Emilia Kasper's avatar
      Tighten session ticket handling · d663df23
      Emilia Kasper authored
      
      
      Tighten client-side session ticket handling during renegotiation:
      ensure that the client only accepts a session ticket if the server sends
      the extension anew in the ServerHello. Previously, a TLS client would
      reuse the old extension state and thus accept a session ticket if one was
      announced in the initial ServerHello.
      
      Reviewed-by: default avatarBodo Moeller <bodo@openssl.org>
      d663df23
  11. Oct 27, 2014
  12. Oct 22, 2014
  13. Oct 15, 2014
  14. Oct 02, 2014
  15. Sep 29, 2014
  16. Sep 23, 2014
  17. Sep 05, 2014
  18. Aug 15, 2014
  19. Aug 01, 2014
  20. Jul 22, 2014
  21. Jul 04, 2014
  22. Jun 01, 2014
  23. May 23, 2014
  24. Apr 26, 2014
  25. Apr 22, 2014
  26. Apr 07, 2014
    • Dr. Stephen Henson's avatar
      Add heartbeat extension bounds check. · 731f4314
      Dr. Stephen Henson authored
      A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
      
      Thanks for Neel Mehta of Google Security for discovering this bug and to
      Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
      preparing the fix (CVE-2014-0160)
      (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
      731f4314
  27. Apr 05, 2014