author | Lutz Jänicke <jaenicke@openssl.org> | 2001-08-03 08:45:13 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-08-03 08:45:13 +0000 |
commit | 06da6e49777285f50aeb1b920d950a9bd27fef52 (patch) | |
tree | 8d3eb57e387c364ecda0abe54a24acc33e80c1b5 /CHANGES | |
parent | b72faddc47811846d1cf28f04db2bd38422d9006 (diff) |
Don't disable rollback attack detection as a recommended bug workaround.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -12,6 +12,14 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended + bug workarounds. Rollback attack detection is a security feature. + The problem will only arise on OpenSSL servers, when TLSv1 is not + available (sslv3_server_method() or SSL_OP_NO_TLSv1). + Software authors not wanting to support TLSv1 will have special reasons + for their choice and can explicitly enable this option. + [Bodo Moeller, Lutz Jaenicke] + +) Rationalise EVP so it can be extended: don't include a union of cipher/digest structures, add init/cleanup functions. This also reduces the number of header dependencies. |
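Review bot: The third sentence of the new entry refers to "the problem" without naming it, so a reader of CHANGES cannot tell which failure SSL_OP_TLS_ROLLBACK_BUG works around or why it only appears when TLSv1 is unavailable; add a clause that states what the problem is. The entry should also say outright that applications setting SSL_OP_ALL no longer get this option and must set SSL_OP_TLS_ROLLBACK_BUG themselves if they depend on it, since that is a silent behaviour change for existing callers. The diffstat is limited to CHANGES, so the matching change to the SSL_OP_ALL definition is not visible in this view and should be checked alongside this entry.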