|
4 |
|
4 |
|
5 |
Changes between 1.0.1r and 1.0.1s [xx XXX xxxx] |
5 |
Changes between 1.0.1r and 1.0.1s [xx XXX xxxx] |
6 |
|
6 |
|
|
|
7 |
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 |
8 |
is by default disabled at build-time. Builds that are not configured with |
9 |
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, |
10 |
users who want to negotiate SSLv2 via the version-flexible SSLv23_method() |
11 |
will need to explicitly call either of: |
12 |
|
13 |
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); |
14 |
or |
15 |
SSL_clear_options(ssl, SSL_OP_NO_SSLv2); |
16 |
|
17 |
as appropriate. Even if either of those is used, or the application |
18 |
explicitly uses the version-specific SSLv2_method() or its client and |
19 |
server variants, SSLv2 ciphers vulnerable to exhaustive search key |
20 |
recovery have been removed. Specifically, the SSLv2 40-bit EXPORT |
21 |
ciphers, and SSLv2 56-bit DES are no longer available. |
22 |
[Viktor Dukhovni] |
23 |
|
7 |
*) Disable SRP fake user seed to address a server memory leak. |
24 |
*) Disable SRP fake user seed to address a server memory leak. |
8 |
|
25 |
|
9 |
Add a new method SRP_VBASE_get1_by_user that handles the seed properly. |
26 |
Add a new method SRP_VBASE_get1_by_user that handles the seed properly. |
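Review bot: The added SSLv2 entry opens with "* Disable SSLv2" while the neighbouring entry uses the "*)" marker ("*) Disable SRP fake user seed"); use "*)" so the new entry matches the file's convention. The entry also tells users to call SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2) or SSL_clear_options(ssl, SSL_OP_NO_SSLv2) without first stating that SSL_OP_NO_SSLv2 is now set by default for SSLv23_method(); state that default explicitly so the instruction to clear it is self-explanatory. It would also help operators auditing their cipher strings if the entry listed the removed suites by name rather than only as "40-bit EXPORT" and "56-bit DES", and if it gave the reason or advisory reference for the change.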