OpenSSL v1.0.0.n Release Notes

Release Date: 2014-10-15
    • Session Ticket Memory Leak.

    When an OpenSSL SSL/TLS/DTLS server receives a session ticket, the integrity of that ticket is verified first. If the integrity check fails, OpenSSL does not free the memory it allocated while processing the ticket, causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a denial of service attack. CVE-2014-3567

    Steve Henson

    • Build option no-ssl3 is incomplete.

    When OpenSSL is configured with "no-ssl3" as a build option, servers could still accept and complete an SSL 3.0 handshake, and clients could still be configured to send one. CVE-2014-3568

    Akamai and the OpenSSL team

    • Add support for TLS_FALLBACK_SCSV. Client applications doing fallback retries should call SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). CVE-2014-3566

    Adam Langley, Bodo Moeller
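    The two items above (the no-ssl3 build option and TLS_FALLBACK_SCSV) describe the same failure mode from two sides: a client that retries a lower protocol version after a failed connection, and a server that must tell a deliberate retry apart from a client that genuinely supports nothing better. The following model, added here and not taken from OpenSSL, builds and parses a minimal TLS ClientHello and runs the RFC 7507 server check against an honest network and against an active downgrade attacker. The Server, connect_with_fallback and downgrade_attacker names, the zeroed random field and the version floor are assumptions made for the example; a real OpenSSL client requests the SCSV with SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV) rather than by building records itself.

```python
"""Model of TLS_FALLBACK_SCSV (RFC 7507) and of a server built with no-ssl3.

Added example, not OpenSSL code. Versions are (major, minor) tuples as they
appear on the wire: SSL 3.0 is (3, 0), TLS 1.2 is (3, 3).
"""
TLS_FALLBACK_SCSV = 0x5600            # RFC 7507 signalling cipher suite value
ALERT_PROTOCOL_VERSION = 70           # TLS alert descriptions
ALERT_INAPPROPRIATE_FALLBACK = 86
SSL3_0, TLS1_0, TLS1_1, TLS1_2 = (3, 0), (3, 1), (3, 2), (3, 3)


def build_client_hello(client_version, cipher_suites, send_fallback_scsv=False):
    """Minimal ClientHello record: version, all-zero random (constructed, not secure),
    empty session id, the given suites, null compression, no extensions."""
    suites = list(cipher_suites) + ([TLS_FALLBACK_SCSV] if send_fallback_scsv else [])
    body = bytes(client_version) + b"\x00" * 32 + b"\x00"
    body += (2 * len(suites)).to_bytes(2, "big")
    body += b"".join(s.to_bytes(2, "big") for s in suites)
    body += b"\x01\x00"                                            # compression_methods: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16" + bytes(client_version) + len(handshake).to_bytes(2, "big") + handshake


def parse_client_hello(record):
    """Return (client_version, [cipher suite values]) from a ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len or body_len < 35:
        raise ValueError("truncated ClientHello")
    client_version = (body[0], body[1])
    pos = 2 + 32                                  # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    return client_version, suites


class Server:
    """max_version: best version this build speaks. min_version=(3, 1) models no-ssl3."""

    def __init__(self, max_version, min_version=SSL3_0):
        self.max_version, self.min_version = max_version, min_version

    def accept(self, record):
        client_version, suites = parse_client_hello(record)
        if client_version < self.min_version:               # SSL 3.0 compiled out: refuse it
            return ("alert", ALERT_PROTOCOL_VERSION)
        # RFC 7507 section 3: SCSV present and client_version below our best -> downgrade
        if TLS_FALLBACK_SCSV in suites and client_version < self.max_version:
            return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
        return ("server_hello", min(client_version, self.max_version))


def connect_with_fallback(network, versions=(TLS1_2, TLS1_1, TLS1_0, SSL3_0), use_scsv=True):
    """Application-level fallback retry. A dropped connection (None) retries one version
    lower; with use_scsv the retries, and only the retries, carry TLS_FALLBACK_SCSV.
    A ServerHello or a fatal alert ends the sequence."""
    for attempt, version in enumerate(versions):
        hello = build_client_hello(version, [0x002F], send_fallback_scsv=use_scsv and attempt > 0)
        reply = network(hello)
        if reply is not None:
            return reply
    return ("error", "no version accepted")


def downgrade_attacker(server, floor=SSL3_0):
    """Active attacker that drops every ClientHello above `floor` to force a fallback to it."""
    def network(record):
        client_version, _ = parse_client_hello(record)
        return None if client_version > floor else server.accept(record)
    return network


if __name__ == "__main__":
    legacy = Server(TLS1_2)                                                   # still speaks SSL 3.0
    print(connect_with_fallback(legacy.accept))                               # ('server_hello', (3, 3))
    print(connect_with_fallback(downgrade_attacker(legacy), use_scsv=False))  # ('server_hello', (3, 0))
    print(connect_with_fallback(downgrade_attacker(legacy)))                  # ('alert', 86)
    no_ssl3 = Server(TLS1_2, min_version=TLS1_0)
    print(connect_with_fallback(downgrade_attacker(no_ssl3), use_scsv=False)) # ('alert', 70)
```

    The third run is the point of the SCSV: the forced SSL 3.0 retry is rejected with inappropriate_fallback even though the server itself still supports SSL 3.0, because the client has declared that a better version should have worked. The fourth run shows what no-ssl3 is meant to guarantee on its own, independent of client behaviour. Both checks need the server to look at the real client_version in the ClientHello, which is why the earlier incomplete no-ssl3 handling mattered.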

    • Add additional DigestInfo checks.

    Re-encode the DigestInfo in DER and compare it against the original bytes when verifying an RSA signature: this rejects any improperly encoded DigestInfo structure, since only a canonical encoding survives the round trip.

    Note: this is a precautionary measure and no attacks are currently known.

    Steve Henson
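    The check described above is easier to see with a lax DigestInfo parser next to the re-encoding comparison. The example below, added here and not OpenSSL's code, works on the PKCS#1 v1.5 encoded message EM that the RSA public-key operation would recover (the RSA step itself is omitted, which is an assumption of the example), parses the DigestInfo in a deliberately BER-tolerant way, and then shows that re-encoding the parsed fields to DER and comparing with the original rejects two constructed malformed inputs that the lax path accepts: trailing bytes after the DigestInfo and a non-minimal long-form length. The helper names and the constructed message are the example's own.

```python
"""DigestInfo re-encoding check for PKCS#1 v1.5 signature verification.

Added example, not OpenSSL code. Operates on EM = 00 01 FF..FF 00 T, the value
RSA^e would recover; the RSA operation is left out on purpose.
"""
import hashlib

OID_SHA256 = bytes.fromhex("0609608648016503040201")   # DER TLV of id-sha256


def der_len(n):
    """Minimal DER length encoding."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def encode_digestinfo(oid_tlv, digest):
    """Canonical DER: SEQUENCE { SEQUENCE { oid, NULL }, OCTET STRING digest }."""
    alg = der_tlv(0x30, oid_tlv + b"\x05\x00")
    return der_tlv(0x30, alg + der_tlv(0x04, digest))


def read_tlv_lax(buf, pos=0):
    """BER-tolerant reader: accepts non-minimal long-form lengths. Returns (tag, content, end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def parse_digestinfo_lax(t):
    """Extract (oid_tlv, digest) without insisting on canonical DER: bytes after the outer
    SEQUENCE and AlgorithmIdentifier parameters are silently ignored."""
    tag, di, _ = read_tlv_lax(t)
    if tag != 0x30:
        raise ValueError("DigestInfo is not a SEQUENCE")
    tag, alg, end = read_tlv_lax(di)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, _ = read_tlv_lax(alg)
    if tag != 0x06:
        raise ValueError("algorithm is not an OID")
    tag, digest, _ = read_tlv_lax(di, end)
    if tag != 0x04:
        raise ValueError("digest is not an OCTET STRING")
    return der_tlv(0x06, oid), digest


def pkcs1_v15_unpad(em):
    """Strip the EMSA-PKCS1-v1_5 envelope 00 01 FF..FF 00 and return T."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad PKCS#1 header")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        raise ValueError("bad PKCS#1 padding")
    return em[i + 1:]


def pkcs1_v15_encode(t, k):
    """Build EM of k bytes (the modulus length) around T; used only to construct samples."""
    if len(t) > k - 11:
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_lax(em, message):
    """Before the change: only the parsed OID and hash are compared."""
    oid, digest = parse_digestinfo_lax(pkcs1_v15_unpad(em))
    return oid == OID_SHA256 and digest == hashlib.sha256(message).digest()


def verify_strict(em, message):
    """With the added check: the parsed fields must re-encode to exactly the bytes in T."""
    t = pkcs1_v15_unpad(em)
    oid, digest = parse_digestinfo_lax(t)
    if encode_digestinfo(oid, digest) != t:          # any non-canonical or extra bytes fail here
        return False
    return oid == OID_SHA256 and digest == hashlib.sha256(message).digest()


# Constructed samples: a correct EM and two malformed ones a lax parser accepts.
MSG = b"constructed sample message"
K = 128                                              # EM length for a 1024-bit modulus
GOOD_T = encode_digestinfo(OID_SHA256, hashlib.sha256(MSG).digest())
EM_GOOD = pkcs1_v15_encode(GOOD_T, K)
EM_TRAILING = pkcs1_v15_encode(GOOD_T + b"\xab" * 40, K)       # garbage after the DigestInfo
EM_LONGFORM = pkcs1_v15_encode(b"\x30\x81" + GOOD_T[1:], K)    # 30 81 31 instead of 30 31

if __name__ == "__main__":
    for name, em in (("good", EM_GOOD), ("trailing", EM_TRAILING), ("longform", EM_LONGFORM)):
        print(name, "lax:", verify_lax(em, MSG), "strict:", verify_strict(em, MSG))
```

    The lax path returns True for all three inputs; the strict path accepts only the canonical one. Freedom in those unchecked bytes is exactly what a forger needs to shape the recovered value under a small public exponent, which is why the release notes describe the check as precautionary rather than as fixing a known attack.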