diff options
author | Bodo Möller <bodo@openssl.org> | 2001-08-07 09:30:18 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-08-07 09:30:18 +0000 |
commit | 37a7cd1a11827af12801a535ad9b17bdca96caeb (patch) | |
tree | d26649b935c4479b3716734d0794d042f3b214ff /CHANGES | |
parent | 3a2d9c4dd0b2d75aca3decae7737304b9024dc34 (diff) | |
download | openssl-37a7cd1a11827af12801a535ad9b17bdca96caeb.tar.gz |
Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.
Submitted by: Petr Lampa <lampa@fee.vutbr.cz>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -12,6 +12,12 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa <lampa@fee.vutbr.cz>] + +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended bug workarounds. Rollback attack detection is a security feature. The problem will only arise on OpenSSL servers when TLSv1 is not |