diff options
author | Bodo Möller <bodo@openssl.org> | 2006-09-12 14:42:19 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2006-09-12 14:42:19 +0000 |
commit | b6699c3f074c891d62bd8287d75e4ace1176ed16 (patch) | |
tree | 5f29929a24701336d0d6384733dbf7bcc89be044 /CHANGES | |
parent | 016bc5ceb3bf3f60c7ff71326e3b95088ae05d2a (diff) |
Update
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -381,7 +381,8 @@ *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites match only those. Before that, "AES256-SHA" would be interpreted - as a pattern and match "AES128-SHA" too since we currently only + as a pattern and match "AES128-SHA" too (since AES128-SHA got + the same strength classification in 0.9.7h) as we currently only have a single AES bit in the ciphersuite description bitmap. That change, however, also applied to ciphersuite strings such as "RC4-MD5" that intentionally matched multiple ciphersuites -- @@ -1366,6 +1367,17 @@ differing sizes. [Richard Levitte] + Changes between 0.9.7k and 0.9.7l [xx XXX xxxx] + + *) Change ciphersuite string processing so that an explicit + ciphersuite selects this one ciphersuite (so that "AES256-SHA" + will no longer include "AES128-SHA"), and any other similar + ciphersuite (same bitmap) from *other* protocol versions (so that + "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the + SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining + changes from 0.9.8b and 0.9.8d. + [Bodo Moeller] + Changes between 0.9.7j and 0.9.7k [05 Sep 2006] *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher |