Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Support for fixed DH ciphersuites: those requiring DH server
+ certificates.
+ [Steve Henson]
+
*) Transparently support X9.42 DH parameters when calling
PEM_read_bio_DHparameters. This means existing applications can handle
the new parameter format automatically.
(CVE-2011-4576)
[Adam Langley (Google)]
- *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+ Kadianakis <desnacked@gmail.com> for discovering this issue and
+ Adam Langley for preparing the fix. (CVE-2011-4619)
[Adam Langley (Google)]
*) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
(CVE-2011-4576)
[Adam Langley (Google)]
- *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+ Kadianakis <desnacked@gmail.com> for discovering this issue and
+ Adam Langley for preparing the fix. (CVE-2011-4619)
[Adam Langley (Google)]
*) Prevent malformed RFC3779 data triggering an assertion failure.