there is no minimum length for session IDs

PR: 274
author: Bodo Möller <bodo@openssl.org> 2002-09-19 11:44:07 +0000
committer: Bodo Möller <bodo@openssl.org> 2002-09-19 11:44:07 +0000
commit: a4f53a1c736a7c4cd9684d892ab4f33318a77a51 (patch)
tree: 61165be39376071acbb66971db0ebacdd582e62a /CHANGES
parent: a90ae02454ed755a56a00943ea49195c6b565655 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0cfe8adc9b..b217662840 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1923,6 +1923,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
 
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
   *) Fix race condition in SSLv3_client_method().
      [Bodo Moeller]
author	Bodo Möller <bodo@openssl.org>	2002-09-19 11:44:07 +0000
committer	Bodo Möller <bodo@openssl.org>	2002-09-19 11:44:07 +0000
commit	a4f53a1c736a7c4cd9684d892ab4f33318a77a51 (patch)
tree	61165be39376071acbb66971db0ebacdd582e62a /CHANGES
parent	a90ae02454ed755a56a00943ea49195c6b565655 (diff)