projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Assume TLS 1.0 when ClientHello fragment is too short.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 755efead7d5496562837904e413179559b1ae5ab..99d9dd064285a1f51ebb4ad03ac319601793527c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,15 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
   +) Change all functions with names starting with des_ to be starting
      with DES_ instead.  This because there are increasing clashes with
      libdes and other des libraries that are currently used by other
Unnamed repository; edit this file 'description' to name the repository.