projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Document rollback issues.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index e25b9eaed4525bf98b0fcd4a2c3c85ee43e33619..74f5bc7d008207428f867844100b64bd83834f32 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,17 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
+  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+     RSA_padding_check_SSLv23(), special padding was never detected
+     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+     version rollback attacks was not effective.
+
+     In s23_clnt.c, don't use special rollback-attack detection padding
+     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+     client; similarly, in s23_srvr.c, don't do the rollback check if
+     SSL 2.0 is the only protocol enabled in the server.
+     [Bodo Moeller]
+
   *) Make it possible to get hexdumps of unprintable data with 'openssl
      asn1parse'.  By implication, the functions ASN1_parse_dump() and
      BIO_dump_indent() are added.
Unnamed repository; edit this file 'description' to name the repository.