Release Notes: The SSL/TLS server implementation now properly tolerates "mismatched" protocol versions at initial connection. Several bugs were fixed.
Release Notes: This release fixes several security vulnerabilities: Limits have been introduced to prevent malicious keys from being able to cause a denial of service, as reported in CVE-2006-2940. ASN.1 parsing of certain invalid structures has been fixed, to prevent denial of service as reported in CVE-2006-2937. A buffer overflow in SSL_get_shared_ciphers(), as reported in CVE-2006-3738, has been fixed. A possible crash when connecting to a malicious SSLv2 server, as reported in CVE-2006-4343, has been fixed. The ciphersuite selection algorithm has been changed to match only explicitly-named ciphersuites.
Release Notes: This release fixes the vulnerability CVE-2006-4339. Some rogue ciphersuites were disabled. Potential thread-safety issues were fixed. Several other fixes were made.
Release Notes: A fix was introduced for an SSL 2.0 rollback security vulnerability which was reported as CAN-2005-2969. Minimal support for X9.31 signatures and PSS padding modes was added. Support for smime-type MIME parameter was added.
Release Notes: A denial of service vulnerability in ASN.1 parsing that was present in 0.9.6k was fixed.
Release Notes: Important bugs were fixed, including problems with client side session caching and some race conditions.
No changes have been submitted for this release.
Release Notes: Changes have been made due to a security advisory. Upgrading is highly recommended.
Release Notes: Minor bugfixes have been made.
Release Notes: Support for Cryptographic Appliance's keyserver technology, support for Broadcom, SureWare, and Accelerated Encryption Processing crypto accelerator cards, and lots of bugfixes.