diff options
author | Bodo Möller <bodo@openssl.org> | 2012-04-17 15:20:17 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2012-04-17 15:20:17 +0000 |
commit | 4d936ace088da7a72e7dc8901cbba64e3c1f3596 (patch) | |
tree | 57fa2dc4438dc8104db545237c957e19c14de2c7 /CHANGES | |
parent | 89bd25eb26bbc2ebceb4cd892e7453337804820c (diff) | |
download | openssl-new-4d936ace088da7a72e7dc8901cbba64e3c1f3596.tar.gz |
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4,6 +4,9 @@ Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. + [Adam Langley] + *) Workarounds for some broken servers that "hang" if a client hello record length exceeds 255 bytes. |