X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=1b10b774a955999cebfd03f0b720bc7147c14a31;hp=69684fc85db09e25eb88c6284876c2c6aa68210e;hb=14c67a70043c0ba72e11d3c19650db09ffdc2224;hpb=cdf84b719cdbbe0ffe08d449722864f30da0e2a7 diff --git a/CHANGES b/CHANGES index 69684fc85d..1b10b774a9 100644 --- a/CHANGES +++ b/CHANGES @@ -2,33 +2,34 @@ OpenSSL CHANGES _______________ - Changes between 1.0.x and 1.1.0 [xx XXX xxxx] + Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] - *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which - avoids preferring ECDHE-ECDSA ciphers when the client appears to be - Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for - several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug - is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing - 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. - [Rob Stradling, Adam Langley] + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): + this fixes a limiation in previous versions of OpenSSL. + [Steve Henson] *) Experimental encrypt-then-mac support. Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt - To enable it set the appropriate extension number (0x10 for the test - server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 + To enable it set the appropriate extension number (0x42 for the test + server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42 For non-compliant peers (i.e. just about everything) this should have no effect. WARNING: EXPERIMENTAL, SUBJECT TO CHANGE. - NOTE: unfortunately the test server value (0x10) clashes with the draft - ALPN extension. Until this is resolved the only way to check against the - test server is to temporarily change the ALPN extension value (ugh!). - [Steve Henson] *) Add callbacks supporting generation and retrieval of supplemental @@ -285,6 +286,42 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + + *) TLS pad extension: draft-agl-tls-padding-02 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + To enable it use an unused extension number (for example chrome uses + 35655) using: + + e.g. -DTLSEXT_TYPE_padding=35655 + + Since the extension is ignored the actual number doesn't matter as long + as it doesn't clash with any existing extension. + + This will be updated when the extension gets an official number. + + [Adam Langley, Steve Henson] + + *) Add functions to allocate and set the fields of an ECDSA_METHOD + structure. + [Douglas E. Engert, Steve Henson] + + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which + avoids preferring ECDHE-ECDSA ciphers when the client appears to be + Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for + several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug + is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing + 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. + [Rob Stradling, Adam Langley] + *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the difference in days and seconds between two tm or ASN1_TIME structures. [Steve Henson]