diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2020-06-04 11:40:29 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-06-09 14:11:19 +0200 |
commit | 11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 (patch) | |
tree | 30a7c0f99180ec1712fc5d59e698646448389082 /CHANGES.md | |
parent | 7646610b6a2c53ae50ed453c88291c23630e7850 (diff) |
Do not allow dropping Extended Master Secret extension on renegotiaton
Abort renegotiation if server receives client hello with Extended Master
Secret extension dropped in comparison to the initial session.
Fixes #9754
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index ca60b9c2e4..24fb86fddb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + + *Tomas Mraz* + * Dropped interactive mode from the 'openssl' program. From now on, the `openssl` command without arguments is equivalent to `openssl help`. |