diff options
author | Matt Caswell <matt@openssl.org> | 2016-01-28 12:28:53 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-01-28 17:06:38 +0000 |
commit | bea4cb2e804160f08bd7f10286946c422e38ac3c (patch) | |
tree | 69358016bb6b9ff86ab856150ef70f2036e2505e | |
parent | 5fed60f9622c023c358f2f8e5cb6692b5cc2d9bb (diff) |
Further updates to CHANGES and NEWS
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | CHANGES | 7 | ||||
-rw-r--r-- | NEWS | 1 |
2 files changed, 8 insertions, 0 deletions
@@ -4,6 +4,13 @@ Changes between 1.0.1q and 1.0.1r [xx XXX xxxx] + *) Protection for DH small subgroup attacks + + As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been + switched on by default and cannot be disabled. This could have some + performance impact. + [Matt Caswell] + *) SSLv2 doesn't block disabled ciphers A malicious client can negotiate SSLv2 ciphers that have been disabled on @@ -7,6 +7,7 @@ Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [under development] + o Protection for DH small subgroup attacks o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] |