Version 1.0.1a of OpenSSL

Avatar

Release Notes: A check has been added for potentially exploitable overflows in asn1_d2i_read_bio, BUF_mem_grow, and BUF_mem_grow_clean. Workarounds have been introduced for some broken servers which "hang" if a client hello record length exceeds 255 bytes. Incorrect use of TLS 1.2 SHA-256 ciphersuites in TLS 1.0 and 1.1 connections is now avoided. A segmentation fault in the Vector Permutation AES module has been fixed.

Other releases

  •  09 Jan 2014 22:21

    Release Notes: A TLS record tampering bug was fixed. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS digest and encryption contexts are kept in retransmission structures so that the previous session parameters can be used if they need to be re-sent (CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X was added.

    •  07 Feb 2013 22:11
    Avatar

    Release Notes: A weakness in the handling of CBC ciphersuites in SSL, TLS, and DTLS, exploited through timing differences arising during MAC processing, was fixed. This vulnerability was reported as CVE-2013-0169. A flaw in the handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms was fixed. This vulnerability was reported as CVE-2012-2686. A flaw in the handling of OCSP response verification, exploitable with a denial of service attack, was fixed. This vulnerability was reported as CVE-2013-0166.

    Release Notes: Record length are now sanity checked before skipping explicit IV in TLS 1.2, 1.1, and DTLS, to avoid possible DoS attacks. A possible deadlock when decoding public keys has been fixed. The TLS 1.0 record version number is no longer used in the initial client hello if renegotiating. tkeylen in now initialized properly when encrypting CMS messages. In FIPS mode, composite ciphers are no longer used, as they are not approved.

    •  20 Apr 2012 22:13
    Avatar

    Release Notes: A check has been added for potentially exploitable overflows in asn1_d2i_read_bio, BUF_mem_grow, and BUF_mem_grow_clean. Workarounds have been introduced for some broken servers which "hang" if a client hello record length exceeds 255 bytes. Incorrect use of TLS 1.2 SHA-256 ciphersuites in TLS 1.0 and 1.1 connections is now avoided. A segmentation fault in the Vector Permutation AES module has been fixed.

    Release Notes: Initial TLSv1.1 support and TLS v1.2 support were implemented. Many improvements and minor bugfixes were made.

    Screenshot

    Project Spotlight

    Librfm

    A basic file management library for Rodent applications.

    Screenshot

    Project Spotlight

    wview

    A server class solution for supported weather stations.