diff options
| author | Matt Caswell <matt@openssl.org> | 2016-05-03 09:49:13 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-05-03 13:17:34 +0100 |
| commit | 6ac8377901b6cb9d5da8953d090e2ab43d65e8b5 (patch) | |
| tree | ddffa2ddc924995bc64188ae03004fea5ec29248 /NEWS | |
| parent | 70428eada9bc4cf31424d723d1f992baffeb0dfb (diff) | |
| download | openssl-new-6ac8377901b6cb9d5da8953d090e2ab43d65e8b5.tar.gz | |
Update CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -5,7 +5,7 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2g and OpenSSL 1.1.0 [in pre-release] + Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release] o "shared" builds are now the default when possible o Added support for "pipelining" @@ -46,6 +46,19 @@ o Support for Certificate Transparency o HKDF support. + Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] + + o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) + o Fix EVP_EncodeUpdate overflow (CVE-2016-2105) + o Fix EVP_EncryptUpdate overflow (CVE-2016-2106) + o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) + o EBCDIC overread (CVE-2016-2176) + o Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + o Remove LOW from the DEFAULT cipher list. This removes singles DES from + the default. + o Only remove the SSLv2 methods with the no-ssl2-method option. + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. |