Overview Repositories Revisions Requests Users Attributes Meta
Recommended update for openssl

This update for openssl fixes the following issues including fixes for our ongoing FIPS 140-2 evaluation:

- Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32
problem (bsc#1027908)
- Use getrandom syscall instead of reading from /dev/urandom to get
at least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079 bsc#1044175)
- Fix x86 extended feature detection (bsc#1029523)
- Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"
environmental variable (bsc#1028723)
- s_client sent empty client certificate (bsc#1028281)
Add back certificate initialization set_cert_key_stuff()
which was removed in a previous update.
- Fix a bug in XTS key handling (bsc#1019637)
- Don't run FIPS power-up self-tests when the checksum files aren't
installed (bsc#1042392)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Fixed bugs
bnc#1027688
FIPS: openssl: build openssl-cavs
bnc#1044175
new openssl getrandom() usage causes hangs in openqa
bnc#1019637
FIPS: openssl: AES XTS key parts must not be identical (FIPS 140-2 IG A.9)
bnc#1029523
OpenSSL : Extended feature support for Zen
bnc#1028723
FIPS: openssl: implement run-time switching between generic code and s390x optimized code
bnc#902364
FIPS: openssl, CAVS tests for AES GCM validation tool
bnc#1028281
"SSL3 alert write:fatal:handshake failure" after upgrading to 12 SP2
bnc#1027079
FIPS: openssl: use getrandom system call for DRBG seeding
bnc#1044095
FIPS: openssl: implement AES KeyWrap tests
bnc#1044107
FIPS: openssl: RSA keygen test needs to zero-pad keys to the requested bit length
bnc#1027908
VUL-0: openssl: adjust DEFAULT_SUSE to meet 1.0.2 and current state
bnc#1042392
L3-Question: Self-built application (naemon) causes high system load after update to SP2
Selected Binaries
openSUSE Build Service is sponsored by
Places