Release Notes: A weakness in the handling of CBC ciphersuites in SSL, TLS, and DTLS, exploited through timing differences arising during MAC processing, was fixed. This vulnerability was reported as CVE-2013-0169. A flaw in the handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms was fixed. This vulnerability was reported as CVE-2012-2686. A flaw in the handling of OCSP response verification, exploitable with a denial of service attack, was fixed. This vulnerability was reported as CVE-2013-0166.
Release Notes: A fix was introduced for a security issue where an extension of the Vaudenay padding oracle attack on CBC mode encryption enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. This issue was originally reported as CVE-2011-4108. Various other bugfixes and improvements were made.
Release Notes: Initialization of X509_STORE_CTX was fixed to eliminate a case where CRLs with "nextUpdate" in the past were sometimes accepted. (This was reported as CVE-2011-3207.) An error in SSL memory handling for (EC)DH ciphersuites was fixed (CVE-2011-3210). A memory leak on bad inputs to x509_name_ex_d2i was fixed. Some ECC ciphersuites are no longer restricted to SHA1. Protection against ECDSA timing attacks was introduced.
Release Notes: An error was fixed in the experimental J-PAKE implementation, which could lead to successful validation by someone with no knowledge of the shared secret. This issue was reported as CVE-2010-4252. An old bug in a workaround that allowed malicious clients to modify the stored session cache ciphersuite was fixed. This issue was reported as CVE-2010-4180.
Release Notes: A race condition was fixed in the TLS server extension code parsing, which could lead to arbitrary code execution. This vulnerability, reported as CVE-2010-3864, affected multi-threaded servers using OpenSSL's internal caching mechanism.
Release Notes: A security vulnerability which could potentially be exploited to bypass key validation, reported as CVE-2010-1633, was resolved.
Release Notes: Fixes to stateless session resumption handling were made. Error return checking was improved for several function calls. Leading 0x80 in OIDs are no longer tolerated. The server certificate chain building code now correctly uses X509_verify_cert(). A potential denial of service attack in dtls1_process_out_of_seq_message() was resolved. Several other bugs were fixed.
Release Notes: Three security flaws of moderate severity were fixed: Printing the contents of an ASN1 certificate with an illegal encoded length could cause an application crash (CVE-2009-0590). CMS verification could cause an invalid set of signed attributes to appear valid (CVE-2009-0591). A malformed ASN1 structure could cause invalid memory access (CVE-2009-0789). Further minor modifications were made.
Release Notes: Several incorrect checks, allowing a malformed signature to be treated as a good signature rather than as an error, were fixed. This vulnerability was reported as CVE-2008-5077. Experimental JPAKE support was implemented. Support for XMPP STARTTLS was added in s_client. Several other minor changes were made.
Release Notes: A flaw in the DTLS implementation that could lead to the compromise of clients and servers with DTLS enabled, as reported in CVE-2007-4995, was fixed. An off-by-one error in SSL_get_shared_ciphers(), as reported in CVE-2007-5135, was fixed. Branch prediction attacks were mitigated. Several other bugfixes were made. RFC4507 support was added, including the corrections in RFC4507bis. Initial support for TLS extensions, specifically for the server_name extension, was added.