projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
there is no minimum length for session IDs
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 0cfe8adc9be79fcd4575aecaebf589139ac39ec7..b2176628401de35e6bcb6fd3f473736e189e4b32 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1923,6 +1923,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
 
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
   *) Fix race condition in SSLv3_client_method().
      [Bodo Moeller]
 
Unnamed repository; edit this file 'description' to name the repository.