projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
rand_win.c: handel GetTickCount wrap-around [from HEAD].
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index af042cce3c5ab5bf221acb428d7fe36b4c906066..ac3191abb8201a5471b86129de5f0fa02edfaa6a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -836,7 +836,21 @@
      [NTT]
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
-  
+
+  *) Handle TLS versions 2.0 and later properly and correctly use the
+     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+     off ancient servers have a habit of sticking around for a while...
+     [Steve Henson]
+
+  *) Modify compression code so it frees up structures without using the
+     ex_data callbacks. This works around a problem where some applications
+     call CRYPTO_free_all_ex_data() before application exit (e.g. when
+     restarting) then use compression (e.g. SSL with compression) later.
+     This results in significant per-connection memory leaks and
+     has caused some security issues including CVE-2008-1678 and
+     CVE-2009-4355.
+     [Steve Henson]
+
   *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
      change when encrypting or decrypting.
      [Bodo Moeller]
Unnamed repository; edit this file 'description' to name the repository.