Add CVE number. OpenSSL_0_9_8l
author Ben Laurie <ben@openssl.org>
Thu, 5 Nov 2009 16:08:52 +0000 (16:08 +0000)
committer Ben Laurie <ben@openssl.org>
Thu, 5 Nov 2009 16:08:52 +0000 (16:08 +0000)
CHANGES

diff --git a/CHANGES b/CHANGES
index cd445c931309dec47ee933112312165720011354..3c9f51c5b78160b716f5c8b9bd054b2f1a47f6be 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,10 +5,11 @@
  Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
 
   *) Disable renegotiation completely - this fixes a severe security
-     problem at the cost of breaking all renegotiation. Renegotiation
-     can be re-enabled by setting
-     OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at
-     compile-time. This is really not recommended.
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
      [Ben Laurie]
 
  Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
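Review bot: The rewritten 0.9.8l entry changes the documented re-enable mechanism as well as adding the CVE reference, but the commit message only says "Add CVE number". The old text named a compile-time define (OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION); the new text names a run-time flag (SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags). Readers who built with the define after reading the earlier wording cannot tell from this entry whether the define is still honoured or has been replaced. Suggest stating that explicitly in the entry and mentioning the documentation change in the commit message. The entry also refers to s3->flags without saying how an application is expected to set it (which object, at what point relative to the handshake), so a sentence on that would make the opt-out usable without reading the source. Finally, "unless you know what you're doing" gives no criterion. Naming the condition under which re-enabling is acceptable, or pointing to the CVE-2009-3555 advisory for it, would be more useful to someone deciding whether to set the flag.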