Clean up CHANGES

Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 31832e8ff1) Conflicts: CHANGES
2014-11-20 12:20:02 +01:00 · 2014-11-20 12:20:02 +01:00 · 0b9e82763f
commit 0b9e82763f
parent e5f261df73
1 changed files with 1 additions and 17 deletions
--- a/18
+++ b/18
@ -2,7 +2,7 @@
 OpenSSL CHANGES
 _______________

- Changes between 1.0.1j and 1.0.2 [xx XXX xxxx]
+ Changes between 1.0.1k and 1.0.2 [xx XXX xxxx]

  *) SRTP Memory Leak.

@ -43,22 +43,6 @@
     (CVE-2014-3566)
     [Adam Langley, Bodo Moeller]

-   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
-      early CCS messages during renegotiation. (Note that because
-      renegotiation is encrypted, this early CCS was not exploitable.)
-      [Emilia Käsper]
-
-   *) Tighten client-side session ticket handling during renegotiation:
-      ensure that the client only accepts a session ticket if the server sends
-      the extension anew in the ServerHello. Previously, a TLS client would
-      reuse the old extension state and thus accept a session ticket if one was
-      announced in the initial ServerHello.
-
-      Similarly, ensure that the client requires a session ticket if one
-      was advertised in the ServerHello. Previously, a TLS client would
-      ignore a missing NewSessionTicket message.
-      [Emilia Käsper]
-
  *) Accelerated NIST P-256 elliptic curve implementation for x86_64
     (other platforms pending).
     [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov]