OpenSSL CHANGES
_______________
- Changes between 0.9.8 and 0.9.8a [XX xxx XXXX]
+ Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CAN-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
*) Add two function to clear and return the verify parameter flags.
[Steve Henson]
differing sizes.
[Richard Levitte]
- Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea.
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
*) Minimal support for X9.31 signatures and PSS padding modes. This is
mainly for FIPS compliance and not fully integrated at this stage.
Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
*) Fixes for newer kerberos headers. NB: the casts are needed because
the 'length' field is signed on one version and unsigned on another
with no (?) obvious way to tell the difference, without these VC++
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8 was released on July 5th, 2005.
+OpenSSL 0.9.8a was released on October 11th, 2005.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+
+ o Fix potential SSL 2.0 rollback, CAN-2005-2969
+ o Extended Windows CE support
+
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
o Major work on the BIGNUM library for higher efficiency and to
- OpenSSL 0.9.8a XX xxx XXXX
+ OpenSSL 0.9.8a 11 Oct 2005
Copyright (c) 1998-2005 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
OpenSSL STATUS Last modified at
- ______________ $Date: 2005/07/05 18:49:43 $
+ ______________ $Date: 2005/10/11 10:16:06 $
DEVELOPMENT STATE
o OpenSSL 0.9.9: Under development...
+ o OpenSSL 0.9.8a: Released on October 11th, 2005
o OpenSSL 0.9.8: Released on July 5th, 2005
+ o OpenSSL 0.9.7h: Released on October 11th, 2005
o OpenSSL 0.9.7g: Released on April 11th, 2005
o OpenSSL 0.9.7f: Released on March 22nd, 2005
o OpenSSL 0.9.7e: Released on October 25th, 2004
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x00908010L
+#define OPENSSL_VERSION_NUMBER 0x0090801fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips 11 Oct 2005"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a 11 Oct 2005"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
=item SSL_OP_MSIE_SSLV2_RSA_PADDING
-...
+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
int n=0,j;
int type=0;
int v[2];
-#ifndef OPENSSL_NO_RSA
- int use_sslv2_strong=0;
-#endif
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
}
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong ||
- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
projects / oweals / openssl.git / commitdiff