There are a number of instances throughout the code where the constant 28 is

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 277b46f17c0dcddff809802a6a186e78819453dd..c3bb94052d764e57b52b6fac2614f6677d86f2c4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,30 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
+
+   *) Do not resume sessions on the server if the negotiated protocol
+      version does not match the session's version. Resuming with a different
+      version, while not strictly forbidden by the RFC, is of questionable
+      sanity and breaks all known clients.
+      [David Benjamin, Emilia Käsper]
+
+   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
+      early CCS messages during renegotiation. (Note that because
+      renegotiation is encrypted, this early CCS was not exploitable.)
+      [Emilia Käsper]
+
+   *) Tighten client-side session ticket handling during renegotiation:
+      ensure that the client only accepts a session ticket if the server sends
+      the extension anew in the ServerHello. Previously, a TLS client would
+      reuse the old extension state and thus accept a session ticket if one was
+      announced in the initial ServerHello.
+
+      Similarly, ensure that the client requires a session ticket if one
+      was advertised in the ServerHello. Previously, a TLS client would
+      ignore a missing NewSessionTicket message.
+      [Emilia Käsper]
+
  Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
 
   *) SRTP Memory Leak.