CVS: cvs.openbsd.org: src

Jasper Lievisse Adriaanse Wed, 15 Dec 2010 01:46:36 -0800

CVSROOT:        /cvs
Module name:    src
Changes by:     jas...@cvs.openbsd.org  2010/12/15 02:44:23


Modified files:
        lib/libssl/src/ssl: Tag: OPENBSD_4_7 s3_clnt.c s3_srvr.c 

Log message:
Security fix for CVE-2010-4180 as mentioned in 
http://www.openssl.org/news/secadv_20101202.txt.
where clients could modify the stored session
cache ciphersuite and in some cases even downgrade the suite to weaker ones.

This code is not enabled by default.

ok djm@

CVS: cvs.openbsd.org: src

Reply via email to