Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Sign in to follow this  

Recommended Posts

We have released LibreSSL 2.4.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:

* Avoid continual processing of an unlimited number of TLS records,
which can cause a denial-of-service condition.

* In X509_cmp_time(), pass asn1_time_parse() the tag of the field
being parsed so that a malformed GeneralizedTime field is recognized as
an error instead of potentially being interpreted as if it was a valid
UTCTime.

* Improve ticket validity checking when tlsext_ticket_key_cb()
callback chooses a different HMAC algorithm.

* Check for packets with a truncated DTLS cookie.

* Detect zero-length encrypted session data early, instead of when
malloc(0) fails or the HMAC check fails.

* Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate()

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

 

https://www.libressl.org/

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×