Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
- *)
+ *) Tighten client-side session ticket handling during renegotiation:
+ ensure that the client only accepts a session ticket if the server sends
+ the extension anew in the ServerHello. Previously, a TLS client would
+ reuse the old extension state and thus accept a session ticket if one was
+ announced in the initial ServerHello.
+ [Emilia Käsper]
Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
projects / openssl.git / blobdiff