#
308200 |
|
02-Nov-2016 |
delphij |
Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:
Don't allow too many consecutive warning alerts
Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many.
Issue reported by Shi Lei.
This is a direct commit to stable/10 and stable/9.
Security: CVE-2016-8610
|
#
306196 |
|
22-Sep-2016 |
jkim |
Merge OpenSSL 1.0.1u.
|
#
298999 |
|
03-May-2016 |
jkim |
Merge OpenSSL 1.0.1t.
Relnotes: yes
|
#
291721 |
|
03-Dec-2015 |
jkim |
Merge OpenSSL 1.0.1q.
|
#
284285 |
|
11-Jun-2015 |
jkim |
MFC: r284283
Merge OpenSSL 1.0.1n.
|
#
280304 |
|
20-Mar-2015 |
jkim |
MFC: r280297
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
#
276864 |
|
08-Jan-2015 |
jkim |
MFC: r276861, r276863
Merge OpenSSL 1.0.1k.
|
#
269686 |
|
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
#
264331 |
|
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
#
260404 |
|
07-Jan-2014 |
delphij |
MFC r260403 (MFV r260399):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449).
Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450
|
#
284285 |
|
11-Jun-2015 |
jkim |
MFC: r284283
Merge OpenSSL 1.0.1n.
|
#
280304 |
|
20-Mar-2015 |
jkim |
MFC: r280297
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
#
276864 |
|
08-Jan-2015 |
jkim |
MFC: r276861, r276863
Merge OpenSSL 1.0.1k.
|
#
269686 |
|
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
#
264331 |
|
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
#
260404 |
|
07-Jan-2014 |
delphij |
MFC r260403 (MFV r260399):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449).
Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450
|