Cryptography and SSL/TLS Toolkit

OpenSSL 1.0.1 Series Release Notes

The major changes and known issues for the 1.0.1 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

More details can be found in the ChangeLog.

Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016]

Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]

  • Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
  • Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
  • Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
  • Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
  • EBCDIC overread (CVE-2016-2176)
  • Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
  • Remove LOW from the DEFAULT cipher list. This removes single DES from the default.
  • Only remove the SSLv2 methods with the no-ssl2-method option.

Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]

  • Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
  • Disable SSLv2 default build, default negotiation and weak ciphers (CVE-2016-0800)
  • Fix a double-free in DSA code (CVE-2016-0705)
  • Disable SRP fake user seed to address a server memory leak (CVE-2016-0798)
  • Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  • Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  • Fix side channel attack on modular exponentiation (CVE-2016-0702)

Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]

  • Protection for DH small subgroup attacks
  • SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]

  • Certificate verify crash with missing PSS parameter (CVE-2015-3194)
  • X509_ATTRIBUTE memory leak (CVE-2015-3195)
  • Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
  • In DSA_generate_parameters_ex, if the provided seed is too short, return an error

Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]

Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]

  • Fix HMAC ABI incompatibility

Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]

Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]

  • Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
  • ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
  • PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
  • DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
  • Use After Free following d2i_ECPrivateKey error fix (CVE-2015-0209)
  • X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
  • Removed the export ciphers from the DEFAULT ciphers

Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]

  • Build fixes for the Windows and OpenVMS platforms

Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]

Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]

Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]

Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]

Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]

Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]

  • Don't include gmt_unix_time in TLS server and client random values
  • Fix for TLS record tampering bug CVE-2013-4353
  • Fix for TLS version checking bug CVE-2013-6449
  • Fix for DTLS retransmission bug CVE-2013-6450

Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:

Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:

  • Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
  • Include the fips configuration module.
  • Fix OCSP bad key DoS attack CVE-2013-0166
  • Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
  • Fix for TLS AESNI record handling flaw CVE-2012-2686

Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:

  • Fix TLS/DTLS record length checking bug CVE-2012-2333
  • Don't attempt to use non-FIPS composite ciphers in FIPS mode.

Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:

  • Fix compilation error on non-x86 platforms.
  • Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
  • Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0

Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:

  • Fix for ASN1 overflow bug CVE-2012-2110
  • Workarounds for some servers that hang on long client hellos.
  • Fix SEGV in AES code.

Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:

  • TLS/DTLS heartbeat support.
  • SCTP support.
  • RFC 5705 TLS key material exporter.
  • RFC 5764 DTLS-SRTP negotiation.
  • Next Protocol Negotiation.
  • PSS signatures in certificates, requests and CRLs.
  • Support for password based recipient info for CMS.
  • Support TLS v1.2 and TLS v1.1.
  • Preliminary FIPS capability for unvalidated 2.0 FIPS module.
  • SRP support.