All releases of OpenSSL

  •  17 Nov 2010 09:23

    Release Notes: A race condition was fixed in the TLS server extension code parsing, which could lead to arbitrary code execution. This vulnerability, reported as CVE-2010-3864, affected multi-threaded servers using OpenSSL's internal caching mechanism.

  •  02 Jun 2010 14:58

    Release Notes: A security vulnerability which could potentially be exploited to bypass key validation, reported as CVE-2010-1633, was resolved.

  •  30 Mar 2010 08:37

    Release Notes: Connection renegotiation was vastly improved to overcome protocol weaknesses. A recently introduced "Record of death" vulnerability was resolved. A possible crash, reported as CVE-2010-0433, was fixed. Some memory leaks were resolved. Initial TLSv1.1 support was added. Handling of TLS versions 2.0 and later was improved, and the highest version is now selected. Support for MD2 has been deprecated. Support for companion-algorithm specific ASN1 signing routines was added. Signature dumping was improved. Many other improvements and minor bugfixes were made.

  •  06 Nov 2009 16:32

    Release Notes: Fixes to stateless session resumption handling were made. Error return checking was improved for several function calls. A leading 0x80 in OIDs is no longer tolerated. The server certificate chain building code now correctly uses X509_verify_cert(). A potential denial of service attack in dtls1_process_out_of_seq_message() was resolved. Several other bugs were fixed.

  •  28 Mar 2009 23:31

    Release Notes: Three security flaws of moderate severity were fixed: Printing the contents of an ASN1 certificate with an illegal encoded length could cause an application crash (CVE-2009-0590). CMS verification could cause an invalid set of signed attributes to appear valid (CVE-2009-0591). A malformed ASN1 structure could cause invalid memory access (CVE-2009-0789). Further minor modifications were made.

  •  08 Jan 2009 21:37

    Release Notes: Several incorrect checks, allowing a malformed signature to be treated as a good signature rather than as an error, were fixed. This vulnerability was reported as CVE-2008-5077. Experimental JPAKE support was implemented. Support for XMPP STARTTLS was added in s_client. Several other minor changes were made.

  •  29 Sep 2008 17:34

    Release Notes: An incomplete fix for unsafe triple-checked locking was updated. Several precautionary measures were introduced. Support for the Local Machine Keyset attribute in PKCS#12 files was added. Several minor bugs were fixed.

  •  01 Jun 2008 18:46

    Release Notes: Two crashes discovered using the Codenomicon TLS test suite, as reported in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates of commercial CAs were removed from the distribution. Functions were added to implement RFC3394 compatible AES key wrapping. Utility functions to handle ASN1 structures were added. The certificate status request TLS extension, as defined in RFC3546, was implemented. Several other bugfixes and enhancements were made.

  •  03 Dec 2007 18:59

    Release Notes: DTLS interoperation with non-compliant servers was fixed. IA64 assembler code was fixed. Binary incompatibility of the ssl_ctx_st structure was adjusted.

  •  18 Oct 2007 21:02

    Release Notes: A flaw in the DTLS implementation that could lead to the compromise of clients and servers with DTLS enabled, as reported in CVE-2007-4995, was fixed. An off-by-one error in SSL_get_shared_ciphers(), as reported in CVE-2007-5135, was fixed. Branch prediction attacks were mitigated. Several other bugfixes were made. RFC4507 support was added, including the corrections in RFC4507bis. Initial support for TLS extensions, specifically for the server_name extension, was added.
