Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
+ *) Disable renegotiation completely - this fixes a severe security
+ problem at the cost of breaking all renegotiation. Renegotiation
+ can be re-enabled by setting
+ OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at
+ compile-time. This is really not recommended.
+ [Ben Laurie]
+
+ *) Fixes to stateless session resumption handling. Use initial_ctx when
+ issuing and attempting to decrypt tickets in case it has changed during
+ servername handling. Use a non-zero length session ID when attempting
+ stateless session resumption: this makes it possible to determine if
+ a resumption has occurred immediately after receiving server hello
+ (several places in OpenSSL subtly assume this) instead of later in
+ the handshake.
+ [Steve Henson]
*) The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error