LibreSSL 2.2.0 发布,安全套接字库 - 开源中国社区
LibreSSL 2.2.0 发布,安全套接字库
oschina 2015年06月13日

LibreSSL 2.2.0 发布,安全套接字库

oschina oschina 发布于2015年06月13日 收藏 6 评论 6

免费体验IBM Cloud,构建Iot应用 >>>  

LibreSSL 2.2.0 发布,此版本是最新的 OpenBSD-current 版本,最新的 OpenBSD-stable 版本是 2.1.7。

更新内容:

  * AIX Support - thanks to Michael Felt

  * Cygwin Support - thanks to Corinna Vinschen

  * Refactored build macros, support packaging libtls independently.
    There are more pieces required to support building and using OpenSSL
    with libtls, but this is an initial start at providing an
    independent package for people to start hacking on.

  * Removal of OPENSSL_issetugid and all library getenv calls.
    Applications can and should no longer rely on environment variables
    for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
    supported with the openssl(1) command.

  * libtls API and documentation additions

  * Various bug fixes and simplifications to libssl and libcrypto

  * Fixes for the following issues are integrated into
     LibreSSL 2.1.7 and 2.2.0:
    - CVE-2015-1788 - Malformed ECParameters causes infinite loop
    - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
    - CVE-2015-1792 - CMS verify infinite loop with unknown hash function
                      (this code is not enabled by default)

  * The following CVEs did not apply to LibreSSL or were fixed in earlier
    releases:
    - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
    - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
    - CVE-2014-8176 - Invalid free in DTLS

  * Fixes for the following CVEs are still in review for LibreSSL
    - CVE-2015-1791 - Race condition handling NewSessionTicket

LibreSSL 是一个免费版本的 SSL/TLS 协议,来自于 OpenSSL

LibreSSL 支持多平台,开发者宣称“我们不想要伤透你们的心”。

本站文章除注明转载外,均为本站原创或编译。欢迎任何形式的转载,但请务必注明出处,尊重他人劳动共创开源社区。
转载请注明:文章转载自 开源中国社区 [http://www.oschina.net]
本文标题:LibreSSL 2.2.0 发布,安全套接字库
分享
评论(6)
最新评论
0

引用来自“丑矬穷”的评论

安全套,接字库,32
我也断错句了,第一眼
0
0
0
@oschina 这个猥琐的家伙
0
前天不是发布了吗?现在才发新闻!
0
安全套,接字库,32
0
接字库是什么字库?
顶部