BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.1.1 released.

16 October, 2014 by beck@openbsd.org | openbsd 

We have released LibreSSL 2.1.1- which should be arriving in the
LIbreSSL directory of an OpenBSD mirror near you very soon.

This release includes:

* Address POODLE attack by disabling SSLv3 by default
* Fix Eliptical Curve cipher selection bug
 (https://github.com/libressl-portable/portable/issues/35)

As well as continued ongoing fixes as we proactively change the
codebase to reflect modern safe programming practices. The success of
this is reflected in the fact that LibreSSL was not vulnerable to the
two memory leak issues released on "OpenSSL Tuesday" - They were in
fact initially
fixed in LibreSSL.

As noted before, we welcome feedback from the broader community.

Enjoy,

-Bob