diff options
-rw-r--r-- | CHANGES | 15 | ||||
-rw-r--r-- | NEWS | 6 |
2 files changed, 19 insertions, 2 deletions
@@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 1.1.0a and 1.1.1 [xx XXX xxxx] + Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] *) Add support for SipHash [Todd Short] @@ -24,6 +24,19 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] *) Truncated packet could crash via OOB read @@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.1 [under development] + Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.1 [under development] o + Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] + + o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) + Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] o Truncated packet could crash via OOB read (CVE-2017-3731) |