projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Delete trailing whitespace from output.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index ccaab0505b63b39ba540ea9267cd44a35fb72096..0ca93f25831fd435de9c63d0da0f15c04318512e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -376,10 +376,20 @@
   *) Abort handshake if server key exchange message is omitted for ephemeral
      ECDH ciphersuites.
 
-     Thanks to Karthikeyan Bhargavan for reporting this issue.
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
      (CVE-2014-3572)
      [Steve Henson]
 
+  *) Remove non-export ephemeral RSA code on client and server. This code
+     violated the TLS standard by allowing the use of temporary RSA keys in
+     non-export ciphersuites and could be used by a server to effectively
+     downgrade the RSA key length used to a value smaller than the server
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
+     (CVE-2015-0204)
+     [Steve Henson]
+
   *) Ensure that the session ID context of an SSL is updated when its
      SSL_CTX is updated via SSL_set_SSL_CTX.
 
Unnamed repository; edit this file 'description' to name the repository.