BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.6.4 Released (fixed)

We have released LibreSSL 2.6.4, the first stable maintenance release from the
2.6.x series. It contains the following changes from the 2.6.3 release:

  * Made tls_config_parse_protocols() work correctly when passed a NULL
    pointer for a protocol string. Issue found by semarie@, who also
    provided the diff.

  * Corrected TLS extensions handling when no extensions are present.
    If no TLS extensions are present in a client hello or server hello,
    omit the entire extensions block, rather than including it with a
    length of zero. Thanks to Eric Elena <eric at voguemerry dot com> for
    providing packet captures and testing the fix.

  * Fixed portable builds on older Android systems, and systems without
    IPV6_TCLASS support.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.