Projects / OpenSSL / Releases

All releases of OpenSSL

  •  09 Jan 2014 07:27
Avatar

    Release Notes: A TLS record tampering bug was fixed. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS digest and encryption contexts are kept in retransmission structures so that the previous session parameters can be used if they need to be re-sent (CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X was added.

    •  07 Feb 2013 12:20
    Avatar

      Release Notes: A weakness in the handling of CBC ciphersuites in SSL, TLS, and DTLS, exploited through timing differences arising during MAC processing, was fixed. This vulnerability was reported as CVE-2013-0169. A flaw in the handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms was fixed. This vulnerability was reported as CVE-2012-2686. A flaw in the handling of OCSP response verification, exploitable with a denial of service attack, was fixed. This vulnerability was reported as CVE-2013-0166.

      •  06 Jun 2012 16:01
      Avatar

        Release Notes: Record length are now sanity checked before skipping explicit IV in TLS 1.2, 1.1, and DTLS, to avoid possible DoS attacks. A possible deadlock when decoding public keys has been fixed. The TLS 1.0 record version number is no longer used in the initial client hello if renegotiating. tkeylen in now initialized properly when encrypting CMS messages. In FIPS mode, composite ciphers are no longer used, as they are not approved.

        •  20 Apr 2012 10:59
        Avatar

          Release Notes: A check has been added for potentially exploitable overflows in asn1_d2i_read_bio, BUF_mem_grow, and BUF_mem_grow_clean. Workarounds have been introduced for some broken servers which "hang" if a client hello record length exceeds 255 bytes. Incorrect use of TLS 1.2 SHA-256 ciphersuites in TLS 1.0 and 1.1 connections is now avoided. A segmentation fault in the Vector Permutation AES module has been fixed.

          •  14 Mar 2012 15:36
          Avatar

            Release Notes: Initial TLSv1.1 support and TLS v1.2 support were implemented. Many improvements and minor bugfixes were made.

            •  19 Jan 2012 09:09
            Avatar

              Release Notes: This release fixed a DTLS DoS issue which was recently introduced by the fix for CVE-2011-4109.

              •  06 Jan 2012 12:32
              Avatar

                Release Notes: A fix was introduced for a security issue where an extension of the Vaudenay padding oracle attack on CBC mode encryption enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. This issue was originally reported as CVE-2011-4108. Various other bugfixes and improvements were made.

                •  07 Sep 2011 07:49
                Avatar

                  Release Notes: Initialization of X509_STORE_CTX was fixed to eliminate a case where CRLs with "nextUpdate" in the past were sometimes accepted. (This was reported as CVE-2011-3207.) An error in SSL memory handling for (EC)DH ciphersuites was fixed (CVE-2011-3210). A memory leak on bad inputs to x509_name_ex_d2i was fixed. Some ECC ciphersuites are no longer restricted to SHA1. Protection against ECDSA timing attacks was introduced.

                  •  10 Feb 2011 09:25
                  Avatar

                    Release Notes: Parsing of the OCSP stapling ClientHello extension was fixed. This issue was reported as CVE-2011-0014. A bug in string printing code, where the escape character itself was not escaped, was fixed.

                    •  06 Dec 2010 23:18
                    Avatar

                      Release Notes: An error was fixed in the experimental J-PAKE implementation, which could lead to successful validation by someone with no knowledge of the shared secret. This issue was reported as CVE-2010-4252. An old bug in a workaround that allowed malicious clients to modify the stored session cache ciphersuite was fixed. This issue was reported as CVE-2010-4180.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.