Update CHANGES and NEWS ready for release
Update CHANGES and NEWS with details of the issues fixed in the forthcoming release.

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent
4040a7fd10
commit
5fed60f962
2 changed files with 13 additions and 1 deletions
12
CHANGES
|
@ -4,6 +4,18 @@
|
|||
|
||||
Changes between 1.0.1q and 1.0.1r [xx XXX xxxx]
|
||||
|
||||
*) SSLv2 doesn't block disabled ciphers
|
||||
|
||||
A malicious client can negotiate SSLv2 ciphers that have been disabled on
|
||||
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
|
||||
been disabled, provided that the SSLv2 protocol was not also disabled via
|
||||
SSL_OP_NO_SSLv2.
|
||||
|
||||
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
|
||||
and Sebastian Schinzel.
|
||||
(CVE-2015-3197)
|
||||
[Viktor Dukhovni]
|
||||
|
||||
*) Reject DH handshakes with parameters shorter than 1024 bits.
|
||||
[Kurt Roeckx]
|
||||
|
||||
|
|
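Review bot: The last entry in this hunk, "*) Reject DH handshakes with parameters shorter than 1024 bits.", has no explanatory paragraph, unlike the CVE-2015-3197 entry above it. It does not say which side of the handshake does the rejecting, or what an operator whose peer still uses smaller DH parameters will see, so a reader cannot tell from CHANGES whether the change affects them. Suggest adding one or two sentences covering that. Separately, the SSLv2 entry describes the flaw and the SSL_OP_NO_SSLv2 condition but never states what this release now does; a closing sentence on the new behaviour would make it read as a fix rather than a known issue.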
2
NEWS
|
@ -7,7 +7,7 @@
|
|||
|
||||
Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [under development]
|
||||
|
||||
o
|
||||
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
|
||||
|
||||
Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
|
||||
|
||||
|
|
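Review bot: The added NEWS line lists only "SSLv2 doesn't block disabled ciphers (CVE-2015-3197)", while the CHANGES hunk in this same commit also records "Reject DH handshakes with parameters shorter than 1024 bits." That is a behaviour change that can cause handshakes with existing peers to be rejected, so it deserves its own "o" bullet in NEWS. The section header in the context lines also still reads "[under development]" although the commit message says the files are ready for release; worth confirming that the date is filled in by a later commit.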