Don't disable rollback attack detection as a recommended bug workaround.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 224c809508452785e12dbf9bfe93cc8357c5d7e2..7ec91e58d224ab8e5b07933ec64be10897316e42 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,13 +12,24 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers, when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
   +) Rationalise EVP so it can be extended: don't include a union of
      cipher/digest structures, add init/cleanup functions. This also reduces
      the number of header dependencies.
      [Ben Laurie]
 
-  +) Make DES key schedule conform to the usual scheme, as well as correcting
-     its structure.
+  +) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway).
      [Ben Laurie]
 
   +) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
@@ -839,6 +850,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      the clients preferred ciphersuites and rather use its own preferences.
      Should help to work around M$ SGC (Server Gated Cryptography) bug in
      Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
      [Lutz Jaenicke]
 
   +) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael