X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/blobdiff_plain/75607dda74918d370b045dec1010449d46ec7ba8..31da3cc6703b1a921f7c6567c9391dc9b3c9f085:/crypto/openssl/CHANGES diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 04d332e338..3c9f51c5b7 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,16 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8k and 0.9.8l [5 Nov 2009] + + *) Disable renegotiation completely - this fixes a severe security + problem (CVE-2009-3555) at the cost of breaking all + renegotiation. Renegotiation can be re-enabled by setting + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at + run-time. This is really not recommended unless you know what + you're doing. + [Ben Laurie] + Changes between 0.9.8j and 0.9.8k [25 Mar 2009] *) Don't set val to NULL when freeing up structures, it is freed up by
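Review bot: In the new 0.9.8l entry, the re-enable instruction ("setting SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at run-time") does not say how an application is meant to reach s3->flags or at what point in a connection's life the flag has to be set. Suggest adding a sentence that names the supported way to set it. The same entry says the fix comes "at the cost of breaking all renegotiation" but does not describe what a caller or peer observes when a renegotiation is attempted, so operators cannot tell from the changelog what failure to expect after upgrading from 0.9.8k. The closing warning ("really not recommended unless you know what you're doing") would be more useful if it stated that setting the flag reopens the CVE-2009-3555 problem the entry cites.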