LibreSSL 2.2.0 发布,安全套接字库

2015年06月13日 14:58 210 次阅读 来源: 开源中国 作者: 路人甲
摘要 LibreSSL 2.2.0 发布,此版本是最新的 OpenBSD-current 版本,最新的 OpenBSD-stable 版本是 2.1.7。更新内容: * AIX Support - thanks to Michael Felt * Cygwin Support - thanks to Corinna Vinschen * Refactored build macros, support ...

LibreSSL 2.2.0 发布,此版本是最新的 OpenBSD-current 版本,最新的 OpenBSD-stable 版本是 2.1.7。


更新内容:


  * AIX Support - thanks to Michael Felt


  * Cygwin Support - thanks to Corinna Vinschen


  * Refactored build macros, support packaging libtls independently.

    There are more pieces required to support building and using OpenSSL

    with libtls, but this is an initial start at providing an

    independent package for people to start hacking on.


  * Removal of OPENSSL_issetugid and all library getenv calls.

    Applications can and should no longer rely on environment variables

    for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still

    supported with the openssl(1) command.


  * libtls API and documentation additions


  * Various bug fixes and simplifications to libssl and libcrypto


  * Fixes for the following issues are integrated into

     LibreSSL 2.1.7 and 2.2.0:

    - CVE-2015-1788 - Malformed ECParameters causes infinite loop

    - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time

    - CVE-2015-1792 - CMS verify infinite loop with unknown hash function

                      (this code is not enabled by default)


  * The following CVEs did not apply to LibreSSL or were fixed in earlier

    releases:

    - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)

    - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent

    - CVE-2014-8176 - Invalid free in DTLS


  * Fixes for the following CVEs are still in review for LibreSSL

    - CVE-2015-1791 - Race condition handling NewSessionTicket


LibreSSL 是一个免费版本的 SSL/TLS 协议,来自于 OpenSSL


LibreSSL 支持多平台,开发者宣称“我们不想要伤透你们的心”。

关注下方微信公众号“Java精选”(w_z90110),回复关键词领取资料:如Mysql、Hadoop、Dubbo、Spring Boot等,免费领取视频教程、资料文档和项目源码。

Java精选专注程序员推送一些Java开发知识,包括基础知识、各大流行框架(Mybatis、Spring、Spring Boot等)、大数据技术(Storm、Hadoop、MapReduce、Spark等)、数据库(Mysql、Oracle、NoSQL等)、算法与数据结构、面试专题、面试技巧经验、职业规划以及优质开源项目等。其中一部分由小编总结整理,另一部分来源于网络上优质资源,希望对大家的学习和工作有所帮助。
还可以输入136 讨论区:
评 论