Pages

[Gregg]

Without much fanfare, both the OpenSSL and LibreSSL releases have been updated.

I've had the LibreSSL releases a few weeks and lagged on getting them out with all the fires around this area.
Now is as good a time as any to put them up.

Changes:

Changes between OpenSSL 1.1.1g and 1.1.1h [22 Sep 2020]

  *) Certificates with explicit curve parameters are now disallowed in
     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
     [Tomas Mraz]

  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
     ignore TLS protocol version bounds when configuring DTLS-based contexts, and
     conversely, silently ignore DTLS protocol version bounds when configuring
     TLS-based contexts.  The commands can be repeated to set bounds of both
     types.  The same applies with the corresponding "min_protocol" and
     "max_protocol" command-line switches, in case some application uses both TLS
     and DTLS.
 
     SSL_CTX instances that are created for a fixed protocol version (e.g.
     TLSv1_server_method()) also silently ignore version bounds.  Previously
     attempts to apply bounds to these protocol versions would result in an
     error.  Now only the "version-flexible" SSL_CTX instances are subject to
     limits in configuration files in command-line options.
     [Viktor Dukhovni]

  *) Handshake now fails if Extended Master Secret extension is dropped
     on renegotiation.
     [Tomas Mraz]

  *) The Oracle Developer Studio compiler will start reporting deprecated APIs


Changes between LibreSSL 3.1.3 and 3.1.4  [17 Aug 2020]


    * Improve client certificate selection to allow EC certificates
      instead of only RSA certificates.

    * Do not error out if a TLSv1.3 server requests an OCSP response as
      part of a certificate request.

    * Fix SSL_shutdown behavior to match the legacy stack.  The previous
      behaviour could cause a hang.

    * Fix a memory leak and add a missing error check in the handling of
      the key update message.

    * Fix a memory leak in tls13_record_layer_set_traffic_key.

    * Avoid calling freezero with a negative size if a server sends a
      malformed plaintext of all zeroes.

    * Ensure that only PSS may be used with RSA in TLSv1.3 in order
      to avoid using PKCS1-based signatures.

    * Add the P-521 curve to the list of curves supported by default
      in the client.


As always, you can get your copy of the updated Apache HTTP Server from our download page.