Recent Releases

1.0.2 (23 Jan 2015 20:25) major feature:
  Suite B support for TLS 1.2 and DTLS 1.2.
  Support for DTLS 1.2.
  TLS automatic EC curve selection.
  API to set TLS supported signature algorithms and curves.
  SSL_CONF configuration API.
  TLS Brainpool support.
  ALPN support.
  CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

1.0.1j (15 Oct 2014 21:26) security:
  SRTP Memory Leak (CVE-2014-3513).
  Session Ticket Memory Leak (CVE-2014-3567).
  Build option no-ssl3 was incomplete (CVE-2014-3568).
  Add support for TLS_FALLBACK_SCSV (CVE-2014-3566).
  Add additional DigestInfo checks.

1.0.1i (07 Aug 2014 21:12) security:
  CVE-2014-3512: Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can overrun an internal buffer. Add sanity check that g, A, B < N to SRP code.
  CVE-2014-3511: A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.
  CVE-2014-3510: OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
  CVE-2014-3507: By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory.
  CVE-2014-3506: An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages.
  CVE-2014-3505: An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice.
  CVE-2014-3509: If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
  CVE-2014-5139: A malicious server can crash an OpenSSL client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client.
  CVE-2014-3508: A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker.
  Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases.

1.0.0n (07 Aug 2014 21:09) security:
  CVE-2014-3510: OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
  CVE-2014-3507: By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory.
  CVE-2014-3506: An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages.
  CVE-2014-3505: An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice.
  CVE-2014-3509: If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
  CVE-2014-3508: A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker.
  Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to bogus results, with non-infinity inputs mapped to infinity too.)

0.9.8zb (07 Aug 2014 21:07) security:
  CVE-2014-3510: OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
  CVE-2014-3507: By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory.
  CVE-2014-3506: An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages.
  CVE-2014-3505: An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice.
  CVE-2014-3508: A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker.
  Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to bogus results, with non-infinity inputs mapped to infinity too.)