mirror of
https://github.com/openssl/openssl.git
synced 2025-02-17 14:32:04 +08:00
changes: note about policy tree size limits and circumvention
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20571)
This commit is contained in:
Pauli
parent
cca6c050db
commit
83ff6cbd9a
13
CHANGES.md
13
CHANGES.md
@ -240,7 +240,18 @@ OpenSSL 3.2
|
||||
OpenSSL 3.1
|
||||
-----------
|
||||
|
||||
### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
|
||||
### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx]
|
||||
|
||||
* Limited the number of nodes created in a policy tree to mitigate
|
||||
against CVE-2023-0464. The default limit is set to 1000 nodes, which
|
||||
should be sufficient for most installations. If required, the limit
|
||||
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
|
||||
time define to a desired maximum number of nodes or zero to allow
|
||||
unlimited growth.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
### Changes between 3.0 and 3.1.0 [14 Mar 2023]
|
||||
|
||||
* Add FIPS provider configuration option to enforce the
|
||||
Extended Master Secret (EMS) check during the TLS1_PRF KDF.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user