Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-05-16 | s2_clnt.c: compensate for compiler bug [from HEAD]. | Andy Polyakov | |
2012-05-11 | PR: 2811 | Dr. Stephen Henson | |
Reported by: Phil Pennock <openssl-dev@spodhuis.org> Make renegotiation work for TLS 1.2, 1.1 by not using a lower record version client hello workaround if renegotiating. | |||
2012-05-10 | PR: 2806 | Dr. Stephen Henson | |
Submitted by: PK <runningdoglackey@yahoo.com> Correct ciphersuite signature algorithm definitions. | |||
2012-05-10 | Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and | Dr. Stephen Henson | |
DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) | |||
2012-05-10 | Don't forget to install srtp.h as well | Richard Levitte | |
2012-05-10 | oops, revert unrelated change | Dr. Stephen Henson | |
2012-05-10 | Reported by: Solar Designer of Openwall | Dr. Stephen Henson | |
Make sure tkeylen is initialised properly when encrypting CMS messages. | |||
2012-04-26 | Don't try to use unvalidated composite ciphers in FIPS mode | Dr. Stephen Henson | |
2012-04-25 | Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and | Dr. Stephen Henson | |
OpenSSL 1.0.0. Add CHANGES entry noting the consequences. | |||
2012-04-25 | s23_clnt.c: ensure interoperability by maitaining client "version capability" | Andy Polyakov | |
vector contiguous [from HEAD]. PR: 2802 | |||
2012-04-18 | correct error code | Dr. Stephen Henson | |
2012-04-17 | Disable SHA-2 ciphersuites in < TLS 1.2 connections. | Bodo Möller | |
(TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley | |||
2012-04-17 | Additional workaround for PR#2771 | Dr. Stephen Henson | |
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES. | |||
2012-04-17 | Partial workaround for PR#2771. | Dr. Stephen Henson | |
Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases... | |||
2012-04-16 | OPENSSL_NO_SOCK fixes [from HEAD]. | Andy Polyakov | |
PR: 2791 Submitted by: Ben Noordhuis | |||
2012-04-15 | s3_srvr.c: fix typo [from HEAD]. | Andy Polyakov | |
PR: 2538 | |||
2012-04-15 | e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag | Andy Polyakov | |
countermeasure [from HEAD]. PR: 2778 | |||
2012-04-04 | ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD]. | Andy Polyakov | |
PR: 2778 | |||
2012-03-31 | PR: 2778(part) | Dr. Stephen Henson | |
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time). | |||
2012-03-29 | Experimental workaround to large client hello issue (see PR#2771). | Dr. Stephen Henson | |
If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. | |||
2012-03-21 | use client version when deciding whether to send supported signature ↵ | Dr. Stephen Henson | |
algorithms extension | |||
2012-03-13 | ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD]. | Andy Polyakov | |
2012-03-09 | Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> | Dr. Stephen Henson | |
Add more extension names in s_cb.c extension printing code. | |||
2012-03-09 | PR: 2756 | Dr. Stephen Henson | |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling. | |||
2012-03-06 | PR: 2755 | Dr. Stephen Henson | |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. | |||
2012-03-06 | PR: 2748 | Dr. Stephen Henson | |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock. | |||
2012-02-27 | PR: 2739 | Dr. Stephen Henson | |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support. | |||
2012-02-22 | ABI compliance fixes. | Dr. Stephen Henson | |
Move new structure fields to end of structures. Import library codes from 1.0.0 and recreate new ones. | |||
2012-02-17 | typo | Dr. Stephen Henson | |
2012-02-16 | Fix bug in CVE-2011-4619: check we have really received a client hello | Dr. Stephen Henson | |
before rejecting multiple SGC restarts. | |||
2012-02-11 | Submitted by: Eric Rescorla <ekr@rtfm.com> | Dr. Stephen Henson | |
Further fixes for use_srtp extension. | |||
2012-02-10 | PR: 2704 | Dr. Stephen Henson | |
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Fix srp extension. | |||
2012-02-10 | Submitted by: Eric Rescorla <ekr@rtfm.com> | Dr. Stephen Henson | |
Fix encoding of use_srtp extension to be compliant with RFC5764 | |||
2012-02-09 | Modify client hello version when renegotiating to enhance interop with | Dr. Stephen Henson | |
some servers. | |||
2012-01-22 | return error if md is NULL | Dr. Stephen Henson | |
2012-01-18 | Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. | Dr. Stephen Henson | |
Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) | |||
2012-01-15 | 1.0.1-specific OPNESSL vs. OPENSSL typo. | Andy Polyakov | |
PR: 2613 Submitted by: Leena Heino | |||
2012-01-05 | PR: 2652 | Dr. Stephen Henson | |
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se> OpenVMS fixes. | |||
2012-01-05 | Fix for builds without DTLS support. | Bodo Möller | |
Submitted by: Brian Carlstrom | |||
2012-01-05 | PR: 2671 | Dr. Stephen Henson | |
Submitted by: steve Update maximum message size for certifiate verify messages to support 4096 bit RSA keys again as TLS v1.2 messages is two bytes longer. | |||
2012-01-05 | Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> | Dr. Stephen Henson | |
Reviewed by: steve Send fatal alert if heartbeat extension has an illegal value. | |||
2012-01-04 | Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen ↵ | Dr. Stephen Henson | |
<tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson. | |||
2012-01-04 | Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) | Dr. Stephen Henson | |
2012-01-04 | Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) | Dr. Stephen Henson | |
2012-01-04 | Submitted by: Adam Langley <agl@chromium.org> | Dr. Stephen Henson | |
Reviewed by: steve Fix memory leaks. | |||
2012-01-03 | only send heartbeat extension from server if client sent one | Dr. Stephen Henson | |
2012-01-02 | make update | Dr. Stephen Henson | |
2011-12-31 | PR: 2658 | Dr. Stephen Henson | |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats. | |||
2011-12-27 | make update | Dr. Stephen Henson | |
2011-12-27 | PR: 1794 | Dr. Stephen Henson | |
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve - remove some unncessary SSL_err and permit an srp user callback to allow a worker to obtain a user verifier. - cleanup and comments in s_server and demonstration for asynchronous srp user lookup |