OpenSSL v1.0.0.n Release Notes
Release Date: 2014-10-15
- Session Ticket Memory Leak.
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567][]
Steve Henson
- Build option no-ssl3 is incomplete.
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete an SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568][]
Akamai and the OpenSSL team
- Add support for TLS_FALLBACK_SCSV. Client applications doing fallback retries should call SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). [CVE-2014-3566][]
Adam Langley, Bodo Moeller
- Add additional DigestInfo checks.
Re-encode DigestInfo in DER and check it against the original when verifying an RSA signature: this rejects any improperly encoded DigestInfo structures.
Note: this is a precautionary measure and no attacks are currently known.
Steve Henson
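The re-encode-and-compare check described above, written here as an added Python example rather than OpenSSL's own C code: a lenient parser extracts the algorithm and digest from a DigestInfo, the result is re-encoded in canonical DER, and the two byte strings are compared, so non-minimal length encodings and trailing bytes that the lenient parse alone would accept are rejected. The hash OIDs are from RFC 8017; the sample message and the two malformed variants are constructed.

```python
import hashlib

# DER-encoded digest OIDs from RFC 8017 section 9.2 (two are enough for the example).
DIGEST_OID = {"sha1": bytes.fromhex("2b0e03021a"),
              "sha256": bytes.fromhex("608648016503040201")}

def der_tlv(tag, body):
    """Canonical DER header: short-form length below 128, minimal long form above."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def encode_digestinfo(alg, digest):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }"""
    algid = der_tlv(0x30, der_tlv(0x06, DIGEST_OID[alg]) + b"\x05\x00")
    return der_tlv(0x30, algid + der_tlv(0x04, digest))

def read_tlv(buf, pos):
    """Lenient TLV reader: accepts long-form lengths even where DER requires short form."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln

def lenient_parse(di):
    """Extract (alg, digest), ignoring non-canonical encoding and trailing bytes."""
    tag, seq, _ = read_tlv(di, 0)
    tag2, algid, pos = read_tlv(seq, 0)
    tag3, oid, _ = read_tlv(algid, 0)
    tag4, digest, _ = read_tlv(seq, pos)
    if (tag, tag2, tag3, tag4) != (0x30, 0x30, 0x06, 0x04):
        raise ValueError("unexpected DER tag")
    return next(n for n, enc in DIGEST_OID.items() if enc == oid), digest  # StopIteration if OID unknown

def verify_digestinfo(di, message):
    """Return (lenient_ok, strict_ok); strict_ok adds the re-encode-and-compare rule."""
    try:
        alg, digest = lenient_parse(di)
    except (ValueError, IndexError, StopIteration):
        return False, False
    lenient_ok = digest == hashlib.new(alg, message).digest()
    strict_ok = lenient_ok and encode_digestinfo(alg, digest) == di
    return lenient_ok, strict_ok

# Constructed inputs: a canonical DigestInfo and two mis-encoded variants of it.
MSG = b"constructed sample message"
GOOD = encode_digestinfo("sha256", hashlib.sha256(MSG).digest())
LONG_FORM = b"\x30\x81" + GOOD[1:]   # outer length written in needless long form
TRAILING = GOOD + b"\x00"            # extra byte after the structure
```

Both malformed variants yield the correct digest under the lenient parse and are only caught by the strict comparison, which is the class of input the added check rejects.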