

OpenSSL 1.0.1 Branch Release notes

The major changes and known issues for the 1.0.1 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

Additional details of changes can be found in the change log.

The complete list of changes can be found in the commit log.

Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [under development]

Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
  • Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
  • ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
  • PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
  • DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
  • Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
  • X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
  • Removed the export ciphers from the DEFAULT ciphers
Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
  • Build fixes for the Windows and OpenVMS platforms
Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
  • Don't include gmt_unix_time in TLS server and client random values
  • Fix for TLS record tampering bug CVE-2013-4353
  • Fix for TLS version checking bug CVE-2013-6449
  • Fix for DTLS retransmission bug CVE-2013-6450
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
  • Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
  • Include the fips configuration module.
  • Fix OCSP bad key DoS attack CVE-2013-0166
  • Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
  • Fix for TLS AESNI record handling flaw CVE-2012-2686
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
  • Fix TLS/DTLS record length checking bug CVE-2012-2333
  • Don't attempt to use non-FIPS composite ciphers in FIPS mode.
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
  • Fix compilation error on non-x86 platforms.
  • Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
  • Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
  • Fix for ASN1 overflow bug CVE-2012-2110
  • Workarounds for some servers that hang on long client hellos.
  • Fix SEGV in AES code.
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
  • TLS/DTLS heartbeat support.
  • SCTP support.
  • RFC 5705 TLS key material exporter.
  • RFC 5764 DTLS-SRTP negotiation.
  • Next Protocol Negotiation.
  • PSS signatures in certificates, requests and CRLs.
  • Support for password based recipient info for CMS.
  • Support TLS v1.2 and TLS v1.1.
  • Preliminary FIPS capability for unvalidated 2.0 FIPS module.
  • SRP support.