diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 21:12:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 22:41:27 +0000 |
commit | a936ba11480a33db5d65f54da23b6e815e2a4b93 (patch) | |
tree | a0a9ea7a2a7c57c15f9254ab5578c75eb689f425 /CHANGES | |
parent | ed736ddd74549ef80f17d5675e8aaf54da572336 (diff) | |
download | openssl-new-a936ba11480a33db5d65f54da23b6e815e2a4b93.tar.gz |
use correct credit in CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -376,7 +376,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -384,7 +385,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] |