[1.1.1g-11] - Further changes for SP 800-56A rev3 requirements [1.1.1g-9] - Rewire FIPS_drbg API to use the RAND_DRBG - Use the well known DH groups in TLS even for 2048 and 1024 bit parameters [1.1.1g-7] - Disallow dropping Extended Master Secret extension on renegotiation - Return alert from s_server if ALPN protocol does not match - SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs ...
[1.1.1c-15] - add selftest of the RAND_DRBG implementation [1.1.1c-14] - fix incorrect error return value from FIPS_selftest_dsa - S390x: properly restore SIGILL signal handler [1.1.1c-12] - additional fix for the edk2 build [1.1.1c-9] - disallow use of SHA-1 signatures in TLS in FIPS mode [1.1.1c-8] - fix CVE-2019-1547 - side-channel weak encryption vulnerability - fix CVE-2019-1563 - padding ora ...