diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-20 15:26:50 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-12-20 23:46:16 +0000 |
commit | 20b82b514d81a64f5b240788e5051167456af379 (patch) | |
tree | b0b77dd1f987e0930e9ac2980d474198fce2c3f9 /CHANGES | |
parent | 560b34f2b016038209c7a67791613d0eb0381536 (diff) | |
download | openssl-20b82b514d81a64f5b240788e5051167456af379.zip openssl-20b82b514d81a64f5b240788e5051167456af379.tar.gz openssl-20b82b514d81a64f5b240788e5051167456af379.tar.bz2 |
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -273,6 +273,11 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + *) TLS pad extension: draft-agl-tls-padding-02 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the |