summaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2015-01-06 22:12:15 +0100
committerDr. Stephen Henson <steve@openssl.org>2015-01-06 23:40:43 +0100
commit4138e3882556c762d77eb827b8be98507cde48df (patch)
tree3a2aec0a888060b8692670c06f2cbfa558e35ab4 /CHANGES
parentOnly inherit the session ID context in SSL_set_SSL_CTX if the existing (diff)
downloadopenssl-4138e3882556c762d77eb827b8be98507cde48df.tar.xz
openssl-4138e3882556c762d77eb827b8be98507cde48df.zip
use correct credit in CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to '')
-rw-r--r--CHANGES6
1 files changed, 4 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index f8dfbd427c..ef87df354d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -670,7 +670,8 @@
*) Abort handshake if server key exchange message is omitted for ephemeral
ECDH ciphersuites.
- Thanks to Karthikeyan Bhargavan for reporting this issue.
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
(CVE-2014-3572)
[Steve Henson]
@@ -678,7 +679,8 @@
violated the TLS standard by allowing the use of temporary RSA keys in
non-export ciphersuites and could be used by a server to effectively
downgrade the RSA key length used to a value smaller than the server
- certificate. Thanks for Karthikeyan Bhargavan for reporting this issue.
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
(CVE-2015-0204)
[Steve Henson]