Skip to content
  1. May 16, 2012
  2. May 13, 2012
  3. May 11, 2012
    • Dr. Stephen Henson's avatar
      PR: 2813 · 482f2380
      Dr. Stephen Henson authored
      Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
      
      Fix possible deadlock when decoding public keys.
      482f2380
    • Dr. Stephen Henson's avatar
      PR: 2811 · 5e145e54
      Dr. Stephen Henson authored
      Reported by: Phil Pennock <openssl-dev@spodhuis.org>
      
      Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
      version client hello workaround if renegotiating.
      5e145e54
  4. May 10, 2012
  5. May 04, 2012
  6. Apr 27, 2012
  7. Apr 26, 2012
  8. Apr 25, 2012
  9. Apr 24, 2012
  10. Apr 22, 2012
  11. Apr 20, 2012
  12. Apr 19, 2012
  13. Apr 18, 2012
  14. Apr 17, 2012
    • Bodo Möller's avatar
      Disable SHA-2 ciphersuites in < TLS 1.2 connections. · bb3add20
      Bodo Möller authored
      (TLS 1.2 clients could end up negotiating these with an OpenSSL server
      with TLS 1.2 disabled, which is problematic.)
      
      Submitted by: Adam Langley
      bb3add20
    • Dr. Stephen Henson's avatar
      Additional workaround for PR#2771 · 48e0f666
      Dr. Stephen Henson authored
      If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
      ciphersuites to this value. A value of 50 should be sufficient.
      
      Document workarounds in CHANGES.
      48e0f666
    • Dr. Stephen Henson's avatar
      Partial workaround for PR#2771. · 32213fb2
      Dr. Stephen Henson authored
      Some servers hang when presented with a client hello record length exceeding
      255 bytes but will work with longer client hellos if the TLS record version
      in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
      cases...
      32213fb2
  15. Apr 16, 2012
  16. Apr 15, 2012
  17. Apr 12, 2012