| #
308200 |
|
02-Nov-2016 |
delphij |
Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:
Don't allow too many consecutive warning alerts
Certain warning alerts are ignored if they are received. This can mean that
no progress will be made if one peer continually sends those warning alerts.
Implement a count so that we abort the connection if we receive too many.
Issue reported by Shi Lei.
This is a direct commit to stable/10 and stable/9.
Security: CVE-2016-8610
|
| #
306196 |
|
22-Sep-2016 |
jkim |
Merge OpenSSL 1.0.1u.
|
| #
298999 |
|
03-May-2016 |
jkim |
Merge OpenSSL 1.0.1t.
Relnotes: yes
|
| #
291721 |
|
03-Dec-2015 |
jkim |
Merge OpenSSL 1.0.1q.
|
| #
284285 |
|
11-Jun-2015 |
jkim |
MFC: r284283
Merge OpenSSL 1.0.1n.
|
| #
280304 |
|
20-Mar-2015 |
jkim |
MFC: r280297
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
| #
276864 |
|
08-Jan-2015 |
jkim |
MFC: r276861, r276863
Merge OpenSSL 1.0.1k.
|
| #
269686 |
|
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
| #
264331 |
|
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
| #
260404 |
|
07-Jan-2014 |
delphij |
MFC r260403 (MFV r260399):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
|
| #
284285 |
|
11-Jun-2015 |
jkim |
MFC: r284283
Merge OpenSSL 1.0.1n.
|
| #
280304 |
|
20-Mar-2015 |
jkim |
MFC: r280297
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
| #
276864 |
|
08-Jan-2015 |
jkim |
MFC: r276861, r276863
Merge OpenSSL 1.0.1k.
|
| #
269686 |
|
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
| #
264331 |
|
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
| #
260404 |
|
07-Jan-2014 |
delphij |
MFC r260403 (MFV r260399):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
|