When the SSL_CTX_use_serverinfo_file() function is used to configure
custom TLS extension data (e.g. for SCT data), AND the SSL_CTX in
question is configured for multiple server certificates, the SSL/TLS
handshake can fail unexpectedly, and will not return the configured TLS
extension data
The default TLS session ticket key used by OpenSSL uses
AES128-CBC-SHA256; considering the security offered by newer
ciphersuites, the TLS session ticket key algorithm should be
updated/improved, at least to AES256-CBC-SHA256. See:
https://github.com/openssl/openssl/issues/514
Cheers,
TJ
In the doc/openssl.txt document in openssl-0.9.7beta2, there is a very
minor mistake in an example subjectAltName line in the config file:
--- openssl.txt Tue Sep 19 17:50:25 2000
+++ /home/tj/openssl.txtSun Sep 1 22:08:10 2002
@@ -344,7 +344,7 @@
Examples: