diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-04-29 16:36:36 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-05-05 14:05:19 +0200 |
commit | bd164884f258d99ca876f6cdcdf9bd0dcceee6ad (patch) | |
tree | dcae6d54718756e8dbe48eeee6d2f75ee52457e6 /CHANGES | |
parent | ac2d4cb656b3a796db3dc6f8873e91e67907372d (diff) |
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 24 |
1 files changed, 14 insertions, 10 deletions
@@ -9,20 +9,24 @@ Changes between 1.1.1o and 1.1.1p [xx XXX xxxx] - *) + *) When OpenSSL TLS client is connecting without any supported elliptic + curves and TLS-1.3 protocol is disabled the connection will no longer fail + if a ciphersuite that does not use a key exchange based on elliptic + curves can be negotiated. + [Tomáš Mráz] Changes between 1.1.1n and 1.1.1o [3 May 2022] *) Fixed a bug in the c_rehash script which was not properly sanitising shell - metacharacters to prevent command injection. This script is distributed by - some operating systems in a manner where it is automatically executed. On - such operating systems, an attacker could execute arbitrary commands with the - privileges of the script. - - Use of the c_rehash script is considered obsolete and should be replaced - by the OpenSSL rehash command line tool. - (CVE-2022-1292) - [Tomáš Mráz] + metacharacters to prevent command injection. This script is distributed + by some operating systems in a manner where it is automatically executed. + On such operating systems, an attacker could execute arbitrary commands + with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] Changes between 1.1.1m and 1.1.1n [15 Mar 2022] |