author | Emilia Kasper <emilia@openssl.org> | 2014-10-28 17:35:59 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-10-28 17:35:59 +0100 |
commit | d663df2399d1d9d6015bcfd2ec87b925ea3558a2 (patch) | |
tree | 088b028800ef69149db550d83e26180df5548168 /CHANGES | |
parent | 49b0dfc5026338f1227fdb0f9b3c18485dc459e9 (diff) |
Tighten session ticket handling

Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -305,6 +305,13 @@ Changes between 1.0.1j and 1.0.2 [xx XXX xxxx] + *) Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. + [Emilia Käsper] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] @@ -625,6 +632,15 @@ X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_get_signature were reverted post internal team review. + Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + + *) Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. + [Emilia Käsper] + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] *) SRTP Memory Leak. |
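
Review bot: The entry added in both hunks (under 1.0.2 and under the new 1.0.1k heading) says the client "only accepts a session ticket if the server sends the extension anew", but it does not say what the client does when a ticket arrives during renegotiation without that extension. Suggest adding one clause that states the resulting behaviour (for example, whether the handshake is aborted or the ticket is ignored), so application maintainers reading CHANGES know what to expect from servers that depended on the old behaviour. The view is limited to 'CHANGES', so the wording cannot be checked against the code change from these lines alone.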