diff options
author | Bodo Möller <bodo@openssl.org> | 2000-07-29 18:50:41 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2000-07-29 18:50:41 +0000 |
commit | 37569e64e8012014a4b027d896da6c6cdf372507 (patch) | |
tree | 5a9b45aaab90f88ef9770f6d896e81f2fd6e7066 /CHANGES | |
parent | a657546f9c376f4b7ba4dce14649598fb1a38de5 (diff) |
Fix SSL 2.0 rollback checking: The previous implementation of the
test was never triggered due to an off-by-one error.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -4,6 +4,15 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Fix SSL 2.0 rollback checking: The previous implementation of the + test was never triggered due to an off-by-one error in + RSA_padding_check_SSLv23(). + In s23_clnt.c, don't use special rollback-attack detection padding + (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the + client; similarly, in s23_srvr.c, don't do the rollback check if + SSL 2.0 is the only protocol enabled in the server. + [Bodo Moeller] + *) Make it possible to get hexdumps of unprintable data with 'openssl asn1parse'. By implication, the functions ASN1_parse_dump() and BIO_dump_indent() are added. |