tested, because kernel is not in shape to handle it *yet*. The code is
committed mostly to stimulate the kernel development.

(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley

If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.

Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...

PR: 2791
Submitted by: Ben Noordhuis

PR: 2790
Submitted by: Alexei Khlebnikov

PR: 2538

countermeasure.

PR: 2778

s_server.

Localize client hello extension parsing in t1_lib.c

enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.

PR: 2778

add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.

Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

PR: 2780

PR: 2775

PR: 2761
Submitted by: Corinna Vinschen

PR: 2776

Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.

Fix memory leaks in 'goto err' cases.

workaround.