Overview
Request 985527 accepted
- Add openssl-update_expired_certificates.patch
- Rebase openssl-1.1-fix-mingw-compile.patch
- Update to 1.1.1n: [bsc#1196877, CVE-2022-0778]
* Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
in BN_mod_sqrt() reachable when parsing certificates.
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
* Rebase openssl-1.1.1-fips.patch openssl-1.1.1-evp-kdf.patch
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742]
* Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch
* Optimize AES-XTS mode for aarch64:
openssl-1_1-Optimize-AES-XTS-aarch64.patch
* Optimize AES-GCM for uarchs with unroll and new instructions:
openssl-1_1-Optimize-AES-GCM-uarchs.patch
- POWER10 performance enhancements for cryptography [jsc#SLE-18136]
* openssl-1_1-Optimize-ppc64.patch
Request History
rhabacker created request
- Add openssl-update_expired_certificates.patch
- Rebase openssl-1.1-fix-mingw-compile.patch
- Update to 1.1.1n: [bsc#1196877, CVE-2022-0778]
* Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
in BN_mod_sqrt() reachable when parsing certificates.
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
* Rebase openssl-1.1.1-fips.patch openssl-1.1.1-evp-kdf.patch
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742]
* Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch
* Optimize AES-XTS mode for aarch64:
openssl-1_1-Optimize-AES-XTS-aarch64.patch
* Optimize AES-GCM for uarchs with unroll and new instructions:
openssl-1_1-Optimize-AES-GCM-uarchs.patch
- POWER10 performance enhancements for cryptography [jsc#SLE-18136]
* openssl-1_1-Optimize-ppc64.patch
fstrba accepted request
