ECDH downgrade bug fix.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 8e8646e674c96c99d8b38e51d52a804203c54050..519869b6d525e2740c49a5b8166f6c65c0b40ea7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 1.0.0o and 1.0.0p [xx XXX xxxx]
 
+  *) Abort handshake if server key exchange message is omitted for ephemeral
+     ECDH ciphersuites.
+
+     Thanks to Karthikeyan Bhargavan for reporting this issue.
+     (CVE-2014-3572)
+     [Steve Henson]
+
   *) Fix various certificate fingerprint issues.
 
      By using non-DER or invalid encodings outside the signed portion of a