CVSROOT: /cvs Module name: src Changes by: jas...@cvs.openbsd.org 2010/12/15 02:42:29
Modified files: lib/libssl/src/ssl: s3_srvr.c s3_clnt.c Log message: Security fix for CVE-2010-4180 as mentioned in http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@