OpenSSL 1.0.1f was released today. http://marc.info/?l=openssl-announce&m=138902140315854&w=2.
There are three CVE remediations included in the release: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450. http://www.openssl.org/news/openssl-1.0.1-notes.html.

There's also an Apple SecureTransport bug workaround. Apple's SecureTransport does not properly negotiate ECDHE_ECDSA cipher suites. It affects Mac OS X and could affect iOS (you know how Apple is about their security mistakes...). It might be prudent to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default. http://www.mail-archive.com/[email protected]/msg32629.html.

Now might be a good time to revisit TLSv1.1 and TLSv1.2 support.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4353

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6449

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6450

--
https://bugs.launchpad.net/bugs/1256576

Title: Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2
