diff options
| author | Bodo Möller <bodo@openssl.org> | 2006-09-11 09:49:03 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2006-09-11 09:49:03 +0000 |
| commit | ed65f7dc342297abbad9ad5662bca588f904b4f6 (patch) | |
| tree | 55ef951908677458db12926c8ecb673fa83d669e /CHANGES | |
| parent | 4d50a2b4d6ae7618844380c1ebd5437226286db7 (diff) | |
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8c and 0.9.9 [xx XXX xxxx] + Changes between 0.9.8d and 0.9.9 [xx XXX xxxx] *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names. Modify get_crl() to find a valid (unexpired) CRL if possible. @@ -379,6 +379,32 @@ Changes between 0.9.8c and 0.9.8d [xx XXX xxxx] + *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites + match only those. Before that, "AES256-SHA" would be interpreted + as a pattern and match "AES128-SHA" too since we currently only + have a single AES bit in the ciphersuite description bitmap. + That change, however, also applied to ciphersuite strings such as + "RC4-MD5" that intentionally matched multiple ciphersuites -- + namely, SSL 2.0 ciphersuites in addition to the more common ones + from SSL 3.0/TLS 1.0. + + So we change the selection algorithm again: Naming an explicit + ciphersuite selects this one ciphersuite, and any other similar + ciphersuite (same bitmap) from *other* protocol versions. + Thus, "RC4-MD5" again will properly select both the SSL 2.0 + ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite. + + Since SSL 2.0 does not have any ciphersuites for which the + 128/256 bit distinction would be relevant, this works for now. + The proper fix will be to use different bits for AES128 and + AES256, which would have avoided the problems from the beginning; + however, bits are scarce, so we can only do this in a new release + (not just a patchlevel) when we can change the SSL_CIPHER + definition to split the single 'unsigned long mask' bitmap into + multiple values to extend the available space. + + [Bodo Moeller] + Changes between 0.9.8b and 0.9.8c [05 Sep 2006] *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher |