diff options
author | Ben Laurie <ben@openssl.org> | 2009-11-05 11:28:37 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2009-11-05 11:28:37 +0000 |
commit | 949fbf073ad23fc0a25aa12011a0325901416180 (patch) | |
tree | 4af836aff2c867e11fde629a27338b4d71cb0a0a /CHANGES | |
parent | 6156be4da3ab60c1426e21332f91d560c8c10c82 (diff) |
Disable renegotiation.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -4,6 +4,13 @@ Changes between 0.9.8k and 0.9.8l [xx XXX xxxx] + *) Disable renegotiation completely - this fixes a severe security + problem at the cost of breaking all renegotiation. Renegotiation + can be re-enabled by setting + OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at + compile-time. This is really not recommended. + [Ben Laurie] + *) Fixes to stateless session resumption handling. Use initial_ctx when issuing and attempting to decrypt tickets in case it has changed during servername handling. Use a non-zero length session ID when attempting |