author Jack Lloyd <[email protected]> 2015-11-13 16:59:00 -0500
committer Jack Lloyd <[email protected]> 2015-11-13 16:59:00 -0500
commit f4656160185f30d0d451e4fc53a091fc26d8ea0e (patch)
tree 4fd451329ccd31df668ed478fa130fdc6057c1e0 /doc
parent 81edfc8221b9da94ac1a453e78bf57a5a739b4ce (diff)
Fix bug causing TLS client to sometimes reject DHE server kex
Re-encoding the server key exchange meant that any leading zeros in the values for DHE (or SRP) would be stripped out. This would cause the signature check to fail.
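The failure mode described in the commit message, as an added example that is not part of the commit and does not use Botan's code or API. It parses a TLS `ServerDHParams` structure (p, g and Ys, each with a 2-byte length prefix) and compares the bytes rebuilt from minimal-length integers with the bytes as received. All function names, the toy 4-byte values, and keeping the raw bytes as the remedy are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Read one TLS opaque<1..2^16-1> field: 2-byte big-endian length, then data.
Bytes read_field(const Bytes& msg, std::size_t& off) {
    if (msg.size() < 2 || off > msg.size() - 2) throw std::runtime_error("truncated length");
    std::size_t len = (std::size_t(msg[off]) << 8) | msg[off + 1];
    off += 2;
    if (len > msg.size() - off) throw std::runtime_error("truncated field");
    Bytes out(msg.data() + off, msg.data() + off + len);
    off += len;
    return out;
}
// Write one field back with its 2-byte length prefix.
void append_field(Bytes& out, const Bytes& v) {
    out.insert(out.end(), {std::uint8_t(v.size() >> 8), std::uint8_t(v.size() & 0xff)});
    out.insert(out.end(), v.begin(), v.end());
}

// Effect of a big-integer round trip on a field: leading zero bytes vanish.
Bytes minimal(const Bytes& v) {
    std::size_t i = 0;
    while (i < v.size() && v[i] == 0) ++i;
    return Bytes(v.data() + i, v.data() + v.size());
}

// Re-encoding approach: rebuild p, g, Ys from the parsed integer values.
Bytes reencoded_params(const Bytes& wire) {
    std::size_t off = 0;
    Bytes out;
    for (int i = 0; i < 3; ++i) append_field(out, minimal(read_field(wire, off)));
    return out;
}

// Assumed remedy: verify over the exact bytes the server sent and signed.
// The signed input is client_random || server_random || these bytes.
Bytes raw_params(const Bytes& wire) {
    std::size_t off = 0;
    for (int i = 0; i < 3; ++i) read_field(wire, off);
    return Bytes(wire.data(), wire.data() + off);
}

// Constructed toy message: 4-byte p, 1-byte g, Ys padded to 4 bytes.
Bytes sample_params(std::uint8_t ys_top) {
    return {0, 4, 0xFF, 0xFF, 0xFF, 0xC5, 0, 1, 0x02, 0, 4, ys_top, 0x12, 0x34, 0x56};
}
```

A padded Ys whose top byte is zero turns up only for some handshakes, so the two encodings usually agree and the mismatch appears intermittently.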
Diffstat (limited to 'doc')
-rw-r--r-- doc/news.rst 4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/news.rst b/doc/news.rst
index aa40fe2a9..2622c66bd 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -22,6 +22,10 @@ Version 1.11.25, Not Yet Released
TLS ciphersuite with an empty identity hint. ECDHE_PSK and DHE_PSK
suites were not affected.
+* Fixed a bug that would cause the TLS client to occasionally reject a
+ valid server key exchange message as having an invalid signature.
+ This only affected DHE ciphersuites.
+
* Support for negotiating use of SHA-224 in TLS has been disabled in the
default policy.
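Review bot: The last sentence of the added entry, "This only affected DHE ciphersuites", does not match the commit message, which says the leading zeros were stripped from the values for DHE (or SRP); either mention SRP suites in the entry or say why they are excluded. The entry would also be easier to act on if it named the trigger from the commit message (a key exchange value with leading zeros being re-encoded before the signature check), so that users who saw intermittent "invalid signature" handshake failures can tie them to this fix.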