projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index be3758db0f3d0e4efa412c2ca2fc828d1703f5f6..577ac21be4f8b772eea66bee6494067dfcd1e104 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -52,7 +52,13 @@
      certificates.
      [Steve Henson]
 
- Changes between 1.0.1a and 1.0.1b [xx XXX xxxx]
+ Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
+
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
+
+ Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
 
   *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
      1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
@@ -71,7 +77,8 @@
      protocols *below* X still enabled. In more practical terms it means
      that if application wants to disable TLS1.0 in favor of TLS1.1 and
      above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
-     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
+     client side.
      [Andy Polyakov]
 
  Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
Unnamed repository; edit this file 'description' to name the repository.