Update from 1.0.0-stable

author: Dr. Stephen Henson <steve@openssl.org> 2009-04-08 16:16:35 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-04-08 16:16:35 +0000
commit: 22c98d4aad76f39ab19e5b63e1448c7d28ca7617 (patch)
tree: 5fbd0b38a159c7b210b3456707ae7c0f44ca8b06 /CHANGES
parent: cc7399e79cbe45ad363d2a67dd04cb599f9481eb (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index e8f1748ac7..dff85b2b6e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+
   *) Alter match criteria in PKCS12_parse(). It used to try to use local
      key ids to find matching certificates and keys but some PKCS#12 files
      don't follow the (somewhat unwritten) rules and this strategy fails.
author	Dr. Stephen Henson <steve@openssl.org>	2009-04-08 16:16:35 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-04-08 16:16:35 +0000
commit	22c98d4aad76f39ab19e5b63e1448c7d28ca7617 (patch)
tree	5fbd0b38a159c7b210b3456707ae7c0f44ca8b06 /CHANGES
parent	cc7399e79cbe45ad363d2a67dd04cb599f9481eb (diff)