OpenSSL v1.0.1.b Release Notes

Release Date: 2012-05-10 // about 10 years ago
    • Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack.

    Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. [CVE-2012-2333][]

    Steve Henson

    • Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue.

    Steve Henson

    • In FIPS mode don't try to use composite ciphers as they are not approved.

    Steve Henson