diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-11-12 09:30:45 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-11-12 09:30:45 +0000 |
commit | 311ea893aa3aba4bb1314e2ce4acbf39a9d3fb57 (patch) | |
tree | 4f386ca01ca6faa20df161420039737eb845a2d9 /ChangeLog | |
parent | Version 2.1_rc20a (diff) | |
download | openvpn-311ea893aa3aba4bb1314e2ce4acbf39a9d3fb57.tar.xz |
Version 2.1_rc21v2.1_rc21
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5152 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -1,6 +1,22 @@ OpenVPN Change Log Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net> +2009.11.12 -- Version 2.1_rc21 + +* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address + CVE-2009-3555. Note that OpenVPN has never relied on the session + renegotiation capabilities that are built into the SSL/TLS protocol, + therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation + completely) will not adversely affect OpenVPN mid-session SSL/TLS + renegotation or any other OpenVPN capabilities. + +* Added additional session renegotiation hardening. OpenVPN has always + required that mid-session renegotiations build up a new SSL/TLS + session from scratch. While the client certificate common name is + already locked against changes in mid-session TLS renegotiations, we + now extend this locking to the auth-user-pass username as well as all + certificate content in the full client certificate chain. + 2009.10.01 -- Version 2.1_rc20 * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the |