[blfs-book] OpenSSL 1.0.1f has been released [Freecode]
noreply at freecode.com
Thu Jan 9 14:21:10 PST 2014
Dear OpenSSL follower,
ondruska just announced version 1.0.1f of OpenSSL on Freecode.
The release notes for this version are as follows:
A TLS record tampering bug was fixed. A carefully crafted invalid handshake
could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS
digest and encryption contexts are kept in retransmission structures so that the
previous session parameters can be used if they need to be re-sent
(CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL)
which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari
on OS X was added.
The OpenSSL Project is a collaborative effort to
develop a robust, commercial-grade, fully
featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) as well as a full-strength
general-purpose cryptography library.
Detailed history and release notes are available here:
If you want to unfollow this project, please log in to:
This email was sent to blfs-book at linuxfromscratch.org.
Geeknet, Inc. | 594 Howard Street, Suite 300 | San Francisco, CA 94105
More information about the blfs-book