Further updates to CHANGES and NEWS

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-28 12:28:53 +00:00 · 2016-01-28 12:28:53 +00:00 · bea4cb2e80
commit bea4cb2e80
parent 5fed60f962
2 changed files with 8 additions and 0 deletions
--- a/7
+++ b/7
@ -4,6 +4,13 @@

 Changes between 1.0.1q and 1.0.1r [xx XXX xxxx]

+  *) Protection for DH small subgroup attacks
+
+     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
+     switched on by default and cannot be disabled. This could have some
+     performance impact.
+     [Matt Caswell]
+
  *) SSLv2 doesn't block disabled ciphers

     A malicious client can negotiate SSLv2 ciphers that have been disabled on
--- a/1
+++ b/1
@ -7,6 +7,7 @@

  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [under development]

+      o Protection for DH small subgroup attacks
      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]