diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-20 15:26:50 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-12-20 23:12:18 +0000 |
commit | 34628967f1e65dc8f34e000f0f5518e21afbfc7b (patch) | |
tree | c7a2fa589782c89a05845733b12df9d437140689 /CHANGES | |
parent | a6c62f0c25a756c263a80ce52afbae888028e986 (diff) |
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -4,6 +4,11 @@ Changes between 1.0.1e and 1.0.1f [xx XXX xxxx] + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for |