From 0695dfb71ca6fe132d15a4d0890e8a868183adf9 Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Mon, 21 Dec 2009 15:26:57 +0000
Subject: Switched to openssl-0.9.8l

---
 openssl/CHANGES | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/openssl/CHANGES b/openssl/CHANGES
index 04d332e33..3c9f51c5b 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,16 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
  Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
 
   *) Don't set val to NULL when freeing up structures, it is freed up by
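Review bot: The new 0.9.8l entry at the top of this hunk records a behaviour break, not only a version bump: it states that the fix for CVE-2009-3555 comes "at the cost of breaking all renegotiation", yet the commit subject says only "Switched to openssl-0.9.8l". I would name the CVE and the renegotiation break in the commit message, so that anyone tracing a handshake that fails after this update finds the cause. Since the entry also says that setting SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags is "really not recommended", it is worth confirming that nothing in this tree sets that flag, because doing so would re-enable the renegotiation this release turns off. The diff shown here covers only openssl/CHANGES, so the changelog text cannot be checked against the library sources from this view.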
-- 
cgit v1.2.3