projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Clear warnings/errors within CIPHER_DEBUG code sections
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 66c08e5b75f4090264fd4384c8970961a175d8d0..edf0ee3ac450c8f4b5b221e93d077c6ceb460d7f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -365,6 +365,12 @@
 
  Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
 
+   *) Do not resume sessions on the server if the negotiated protocol
+      version does not match the session's version. Resuming with a different
+      version, while not strictly forbidden by the RFC, is of questionable
+      sanity and breaks all known clients.
+      [David Benjamin, Emilia Käsper]
+
    *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
       early CCS messages during renegotiation. (Note that because
       renegotiation is encrypted, this early CCS was not exploitable.)
Unnamed repository; edit this file 'description' to name the repository.