CVSROOT:        /cvs
Module name:    src
Changes by:     jas...@cvs.openbsd.org  2010/12/15 02:42:29

Modified files:
        lib/libssl/src/ssl: s3_srvr.c s3_clnt.c 

Log message:
Security fix for CVE-2010-4180 as mentioned in 
http://www.openssl.org/news/secadv_20101202.txt.
where clients could modify the stored session
cache ciphersuite and in some cases even downgrade the suite to weaker ones.

This code is not enabled by default.

ok djm@

Reply via email to