diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-16 09:51:56 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-16 10:10:05 +0000 |
commit | d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef (patch) | |
tree | ec996d7631b116a6425dc84c4ea1785c669ce55b /CHANGES | |
parent | 2c55b28a34624c18e3d05dfd7acb78895e3a64e6 (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 1.1.0a and 1.1.1 [xx XXX xxxx] + Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] *) Add support for SipHash [Todd Short] @@ -24,6 +24,19 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] *) Truncated packet could crash via OOB read |