LibreSSL portable versions 2.3.7 and 2.4.3 are now released, along with
the newest development version 2.5.0, and will be available at a mirror
The following issues were fixed in all of the releases:
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions. (CVE-2016-6304)
* Avoid falling back to a weak digest for (EC)DH when using SNI with
* Issues related to recent CVE-2016-6306, "Certificate message OOB reads",
were fixed in the first LibreSSL releases two years ago, which were
reported to us by David Ramos of Stanford using the UC-KLEE tool
* Other recently-announced issues including recent CVE-2016-6305,
CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 did not apply.
LibreSSL 2.4.3 contains an additional fix:
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
LibreSSL 2.5.0 also contains the following improvements and fixes:
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this
brings in X509_check_host, X509_check_email, X509_check_ip, and
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak
* Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
* Limit the support of the "backward compatible" ssl2 handshake to
only be used if TLS 1.0 is enabled.
* Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with