* ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as a

countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673] * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default. * NEWS: Announce the new default. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2012-12-18 02:02:43 +0000
committer: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2012-12-18 02:02:43 +0000
commit: 84f1dae9d637a2038d1b395bcc2f22404770d2d7 (patch)
tree: 81b323155d26e9eeb2cd8cd4241bbe642dc49ff2 /NEWS
parent: f5a32acb97dec5c798001f2eb6d31bb78fda0113 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index db31e6773f..a497d247f6 100644
--- a/NEWS
+++ b/NEWS
@@ -256,7 +256,11 @@ with all sufficient information, see the ChangeLog file.
     with OpenSSL 1.0.1 and higher.
   * OpenSSL::OPENSSL_FIPS allows client applications to detect whether OpenSSL
     is running in FIPS mode and to react to the special requirements this
-    might impy.
+    might imply.
+  * The default options for OpenSSL::SSL::SSLContext have changed to
+    OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
+    instead of OpenSSL::SSL::OP_ALL only. This enables the countermeasure for
+    the BEAST attack by default.
 
 * ostruct
   * new methods:
author	emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2012-12-18 02:02:43 +0000
committer	emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2012-12-18 02:02:43 +0000
commit	84f1dae9d637a2038d1b395bcc2f22404770d2d7 (patch)
tree	81b323155d26e9eeb2cd8cd4241bbe642dc49ff2 /NEWS
parent	f5a32acb97dec5c798001f2eb6d31bb78fda0113 (diff)