FlashFXP Forums - View Single Post - Compile new OpenSSL please?

Flow · 10-14-2005, 03:38 AM

http://www.openssl.org/

Changes between 0.9.8 and 0.9.8a [11 Oct 2005]

*) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
(part of SSL_OP_ALL). This option used to disable the
countermeasure against man-in-the-middle protocol-version
rollback in the SSL 2.0 server implementation, which is a bad
idea. (CAN-2005-2969)

[Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
for Information Security, National Institute of Advanced Industrial
Science and Technology [AIST], Japan)]

*) Add two function to clear and return the verify parameter flags.
[Steve Henson]

*) Keep cipherlists sorted in the source instead of sorting them at
runtime, thus removing the need for a lock.
[Nils Larsch]

*) Avoid some small subgroup attacks in Diffie-Hellman.
[Nick Mathewson and Ben Laurie]

*) Add functions for well-known primes.
[Nick Mathewson]

*) Extended Windows CE support.
[Satoshi Nakamura and Andy Polyakov]

*) Initialize SSL_METHOD structures at compile time instead of during
runtime, thus removing the need for a lock.
[Steve Henson]

*) Make PKCS7_decrypt() work even if no certificate is supplied by
attempting to decrypt each encrypted key in turn. Add support to
smime utility.
[Steve Henson]

Thanks a bunch

10-14-2005, 03:38 AM
Flow Senior Member Join Date: Dec 2001 Posts: 306	Compile new OpenSSL please? - 0.9.8a [11 Oct 2005] http://www.openssl.org/ Changes between 0.9.8 and 0.9.8a [11 Oct 2005] ) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the countermeasure against man-in-the-middle protocol-version rollback in the SSL 2.0 server implementation, which is a bad idea. (CAN-2005-2969) [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial Science and Technology [AIST], Japan)] ) Add two function to clear and return the verify parameter flags. [Steve Henson] ) Keep cipherlists sorted in the source instead of sorting them at runtime, thus removing the need for a lock. [Nils Larsch] ) Avoid some small subgroup attacks in Diffie-Hellman. [Nick Mathewson and Ben Laurie] ) Add functions for well-known primes. [Nick Mathewson] ) Extended Windows CE support. [Satoshi Nakamura and Andy Polyakov] ) Initialize SSL_METHOD structures at compile time instead of during runtime, thus removing the need for a lock. [Steve Henson] ) Make PKCS7_decrypt() work even if no certificate is supplied by attempting to decrypt each encrypted key in turn. Add support to smime utility. [Steve Henson] Thanks a bunch