Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+ this fixes a limiation in previous versions of OpenSSL.
+ [Steve Henson]
+
*) Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]
+ *) Keep original DTLS digest and encryption contexts in retransmission
+ structures so we can use the previous session parameters if they need
+ to be resent. (CVE-2013-6450)
+ [Steve Henson]
+
+ *) TLS pad extension: draft-agl-tls-padding-02
+
+ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+ TLS client Hello record length value would otherwise be > 255 and
+ less that 512 pad with a dummy extension containing zeroes so it
+ is at least 512 bytes long.
+
+ To enable it use an unused extension number (for example chrome uses
+ 35655) using:
+
+ e.g. -DTLSEXT_TYPE_padding=35655
+
+ Since the extension is ignored the actual number doesn't matter as long
+ as it doesn't clash with any existing extension.
+
+ This will be updated when the extension gets an official number.
+
+ [Adam Langley, Steve Henson]
+
*) Add functions to allocate and set the fields of an ECDSA_METHOD
structure.
[Douglas E. Engert, Steve Henson]
projects / openssl.git / blobdiff