generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,247 Commits 16 Branches 258 Tags 86 MiB
d7a854c055
Commit Graph

148 Commits

Author SHA1 Message Date
Viktor Dukhovni
abd5d8fbef Disable EXPORT and LOW SSLv3+ ciphers by default 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-03-01 11:24:02 +00:00
Viktor Dukhovni
56f1acf5ef Disable SSLv2 default build, default negotiation and weak ciphers. 
SSLv2 is by default disabled at build-time.  Builds that are not
configured with "enable-ssl2" will not support SSLv2.  Even if
"enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either
of:

    SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
    SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

as appropriate.  Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search
key recovery have been removed.  Specifically, the SSLv2 40-bit
EXPORT ciphers, and SSLv2 56-bit DES are no longer available.

Mitigation for CVE-2016-0800

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-03-01 11:23:45 +00:00
Matt Caswell
69ff244490 Prepare for 1.0.1s-dev 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-01-28 17:06:38 +00:00
Matt Caswell
09ccb58518 Prepare for 1.0.1r release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-01-28 17:06:38 +00:00
Matt Caswell
bea4cb2e80 Further updates to CHANGES and NEWS 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-01-28 17:06:38 +00:00
Matt Caswell
5fed60f962 Update CHANGES and NEWS ready for release 
Update CHANGES and NEWS with details of the issues fixed in the forthcoming
release.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-01-28 17:06:38 +00:00
Matt Caswell
d82626caec Prepare for 1.0.1r-dev 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-03 14:51:13 +00:00
Matt Caswell
55615e8d48 Prepare for 1.0.1q release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-03 14:50:26 +00:00
Matt Caswell
ac3dd9b7e6 Update CHANGES and NEWS 
Update the CHANGES and NEWS files for the new release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-03 13:45:13 +01:00
Matt Caswell
7c17c20a56 Prepare for 1.0.1q-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-07-09 13:29:59 +01:00
Matt Caswell
5ab53da9fb Prepare for 1.0.1p release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-07-09 13:22:23 +01:00
Matt Caswell
245daa2b73 Update CHANGES and NEWS for the new release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-07-09 09:32:04 +01:00
Matt Caswell
902795b2f1 Prepare for 1.0.1p-dev 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-06-12 16:24:26 +01:00
Matt Caswell
2a8c2799e1 Prepare for 1.0.1o release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-06-12 16:20:59 +01:00
Matt Caswell
2ad310ffde Updated CHANGES and NEWS entries for new release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-06-12 16:02:04 +01:00
Matt Caswell
3adca975dc Prepare for 1.0.1o-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-06-11 15:08:34 +01:00
Matt Caswell
517899e6c8 Prepare for 1.0.1n release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-06-11 15:05:11 +01:00
Matt Caswell
1f31458a77 Update CHANGES and NEWS 
Updates to CHANGES and NEWS to take account of the latest security fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-06-11 15:02:21 +01:00
Matt Caswell
a6a704f448 Prepare for 1.0.1n-dev 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-19 13:41:07 +00:00
Matt Caswell
506c106880 Prepare for 1.0.1m release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-19 13:38:37 +00:00
Matt Caswell
6e24e1cdd2 Update NEWS file 
Update the NEWS file with the latest entries from CHANGES ready for the
release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-19 12:59:31 +00:00
Matt Caswell
82123b5e94 Remove overlapping CHANGES/NEWS entries 
Remove entries from CHANGES and NEWS from letter releases that occur *after*
the next point release. Without this we get duplicate entries for the same
issue appearing multiple times.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-19 12:59:31 +00:00
Matt Caswell
3a9a032163 Prepare for 1.0.1m-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-01-15 14:49:54 +00:00
Matt Caswell
b83ceba7d5 Prepare for 1.0.1l release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-01-15 14:45:15 +00:00
Matt Caswell
583f0bc402 Updates to CHANGES and NEWS 
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
 2015-01-15 13:17:18 +00:00
Matt Caswell
8437225d34 Prepare for 1.0.1l-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-01-08 14:07:43 +00:00
Matt Caswell
b4a57c4c41 Prepare for 1.0.1k release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-01-08 14:03:40 +00:00
Matt Caswell
e02863b5ac CHANGES and NEWS updates for release 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Henson <steve@openssl.org>
 2015-01-08 13:51:50 +00:00
Matt Caswell
e356ac5c06 Prepare for 1.0.1k-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-10-15 13:55:20 +01:00
Matt Caswell
872e681c00 Prepare for 1.0.1j release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-10-15 13:54:46 +01:00
Matt Caswell
38b71ba8ff Updates to NEWS 
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
 2014-10-15 08:51:50 -04:00
Matt Caswell
204fb36a0e Prepare for 1.0.1j-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-08-06 22:19:10 +01:00
Matt Caswell
2b45603445 Prepare for 1.0.1i release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-08-06 22:18:45 +01:00
Dr. Stephen Henson
9b649d9a73 update NEWS 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-08-06 20:33:25 +01:00
Dr. Stephen Henson
f3b0e0215c update release notes 2014-07-02 18:32:03 +01:00
Dr. Stephen Henson
6c86bf7a1e update NEWS 2014-06-07 18:19:03 +01:00
Dr. Stephen Henson
049615e35d Prepare for 1.0.1i-dev 2014-06-05 10:45:50 +01:00
Dr. Stephen Henson
6b72417a00 Prepare for 1.0.1h release 2014-06-05 10:45:00 +01:00
Dr. Stephen Henson
aabbe99fcb Update CHANGES and NEWS 2014-06-05 09:04:27 +01:00
Dr. Stephen Henson
ebe221948d Prepare for 1.0.1h-dev 2014-04-07 17:58:39 +01:00
Dr. Stephen Henson
b2d951e423 Prepare for 1.0.1g release 2014-04-07 17:55:44 +01:00
Dr. Stephen Henson
c5993d10a8 Update NEWS. 2014-04-07 17:53:31 +01:00
Dr. Stephen Henson
1c65936882 update NEWS 2014-03-12 14:43:52 +00:00
Dr. Stephen Henson
069607124d update NEWS 2014-02-25 14:27:18 +00:00
Dr. Stephen Henson
0071215832 Backport TLS padding extension from master. 
(cherry picked from commit 8c6d8c2a49)

Conflicts:

	CHANGES
	ssl/t1_lib.c
 2014-02-14 22:19:03 +00:00
Dr. Stephen Henson
e3ebdcff12 Update NEWS. 2014-01-08 14:24:21 +00:00
Dr. Stephen Henson
cb10cf1224 Update NEWS. 2014-01-08 13:39:48 +00:00
Dr. Stephen Henson
51478be956 Update NEWS: removal of time in handshakes. 2014-01-06 15:37:02 +00:00
Dr. Stephen Henson
a7304e4b98 Prepare for 1.0.1g-dev 2014-01-06 14:37:03 +00:00
Dr. Stephen Henson
0d8776344c Prepare for 1.0.1f release 2014-01-06 14:36:07 +00:00