This update for openssl fixes the following issues including fixes for our ongoing FIPS 140-2 evaluation:
- Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32
problem (bsc#1027908)
- Use getrandom syscall instead of reading from /dev/urandom to get
at least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079 bsc#1044175)
- Fix x86 extended feature detection (bsc#1029523)
- Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"
environmental variable (bsc#1028723)
- s_client sent empty client certificate (bsc#1028281)
Add back certificate initialization set_cert_key_stuff()
which was removed in a previous update.
- Fix a bug in XTS key handling (bsc#1019637)
- Don't run FIPS power-up self-tests when the checksum files aren't
installed (bsc#1042392)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
- Submitted by Vítězslav Čížek (vitezslav_cizek)