OpenSSL v0.9.8.b Release Notes
Release Date: 2006-09-05
- Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339).
Ben Laurie and Google Security Team
- Add AES IGE and biIGE modes.
Ben Laurie
- Change the Unix randomness entropy gathering to use poll() when possible instead of select(), since the latter has some undesirable limitations.
Darryl Miles via Richard Levitte and Bodo Moeller
- Disable "ECCdraft" ciphersuites more thoroughly. Special treatment in ssl/ssl_ciph.c now makes sure that these ciphersuites cannot be implicitly activated as part of, e.g., the "AES" alias. However, please upgrade to OpenSSL 0.9.9[-dev] for non-experimental use of the ECC ciphersuites to get TLS extension support, which is required for curve and point format negotiation to avoid potential handshake problems.
Bodo Moeller
- Disable rogue ciphersuites:
  - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
  - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
  - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
  The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not actually appear there.
  Also deactivate the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the Internet-Draft has long expired.
Bodo Moeller
- Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues.
Bodo Moeller
- Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key versions), which is now available for royalty-free use (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). Also, add Camellia TLS ciphersuites from RFC 4132.
To minimize changes between patchlevels in the OpenSSL 0.9.8 series, Camellia remains excluded from compilation unless OpenSSL is configured with 'enable-camellia'.
NTT
- Disable the padding bug check when compression is in use. The padding bug check assumes the first packet is of even length; this is not necessarily true if compression is enabled, and it can result in false positives causing handshake failure. The actual bug test is ancient code, so it is hoped that implementations will either have fixed it by now or that any which still have the bug do not support compression.
Steve Henson