Bug Fix Advisory openssl bug fix and enhancement update

Advisory: RHBA-2013:1585-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated openssl packages that fix several bugs and add various enhancements are
now available for Red Hat Enterprise Linux 6.

The openssl packages provide a toolkit that implements the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

The openssl packages have been upgraded to upstream version 1.0.1e, which
provides a number of bug fixes and enhancements over the previous version,
including support for multiple new cryptographic algorithms and support for the
new versions (1.1, 1.2) of the transport layer security (TLS) protocol. This
update adds the following ciphers needed for transparent encryption and
authentication support in GlusterFS: Cipher-based MAC (CMAC), XEX Tweakable
Block Cipher with Ciphertext Stealing (AES-XTS), and Galous Counter Mode
(AES-GCM). The following new additional algorithms are now supported: ECDH,
ECDSA, and AES-CCM. (BZ#924250)

This update also fixes the following bugs:

* Previously, an incorrect variable size was passed to the getsockopt()
function. As a consequence, using the BIO (OpenSSL I/O) layer in datagram mode
caused termination with a segmentation fault. More specifically, the openssl
s_client command terminated unexpectedly on IBM System z with the "-dtls1"
option enabled. After this update, a correctly-sized variable is used, and the
datagram BIO functions no longer terminate with a segmentation fault on System
z. (BZ#830109)

* Prior to this update, the getaddrinfo() function returned an error that was
handled incorrectly in the openssl s_server command implementation.
Consequently, the OpenSSL s_server did not work on IPv4-only systems. With this
update, when getaddrinfo() fails on IPv6 addresses, the code has been modified
to fall back to the IPv4 address lookup. As a result, the openssl s_server now
correctly starts up on a computer with only IPv4 addresses configured.
(BZ#919404)

In addition, this update adds the following enhancements:

* The Intel RDRAND instruction is now used, when available, to generate random
numbers and has replaced the default OpenSSL random number generator. The
instruction is not used when OpenSSL runs in FIPS mode. (BZ#818446)

* The performance of OpenSSL on current IBM PowerPC processors has been
improved. (BZ#929291)

* The elliptic curve digital signature algorithm (ECDSA) and elliptic curve
Diffie–Hellman (ECDH) algorithms are now enabled in OpenSSL. These algorithms
support only elliptic curves listed in the national institute of standards and
technology (NIST) Suite B specification. (BZ#951690)

* The new "-trusted_first" option has been added to OpenSSL. This enables
preferring locally stored intermediate certificates instead of the intermediate
certificates sent by the TLS server. (BZ#951701)

* Versions 1.1 and 1.2 of the transport layer security (TLS) protocol are now
supported by the OpenSSL library. (BZ#969562)

* With this update, the "%{_prefix}" macro is used instead of the hardcoded
/usr/ directory in the openssl.spec file when configuring OpenSSL before
building. (BZ#969564)

* The next protocol negotiation (NPN) extension of the TLS protocol is now
supported by OpenSSL. This extension allows for negotiation of the application
protocol, which is used by the application, during the TLS handshake.
(BZ#987411)

* Due to the FIPS validation requirements, the FIPS Power-on self-tests (POST)
always have to run when the FIPS module is installed. For libraries, this is
ensured by running the self-tests from the dynamic library constructor function.
If the dracut-fips package is installed, OpenSSL now treats it as an indicator
that the OpenSSL FIPS module is installed and complete, and the self-tests run
whenever the OpenSSL dynamic library is loaded. (BZ#993584, BZ#999867)

Users of openssl are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.


Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openssl-1.0.1e-15.el6.src.rpm
File outdated by:  RHBA-2015:1398
    MD5: 6100c27b7577e610f453c0e8a2cbfa34
SHA-256: 856e992b500ad88dd2bfe24dc3f7e137f46825970bda935c81e9a14d9be52d04
 
IA-32:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-perl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: fde59ec5e11bf6e27efee0104361b3ab
SHA-256: 64b29defbf490bd41d6fcbbb8cf1edba23ec33080ec494a52135060d59b16a36
openssl-static-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 579a9f7700ff01bd5febd6512c6ee95e
SHA-256: 576fe28abb24d3d90f629d9b1b5033606849ff2ddaabb0333099607f95375168
 
x86_64:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 7e112ffd3edef2cb3f73f96b202efd0e
SHA-256: ec741ea9d568bbde2239ab32245685d4632ba20553f544f76f5ca358e73867b4
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-debuginfo-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: ef3f8df19b90ccff8873625bcb06df78
SHA-256: 7939b0825586375fbd85ec11ccf5082503b96330e7aa787713952dc3218ec7e0
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-devel-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: e362e2207b3f5bf0e5ce474e86eb3083
SHA-256: a28d4ab16cf23d543a211f52438210fe8c109a0d0afe9606f0d254a37f036ae1
openssl-perl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 758dbc594cbb94239d32ef5c6cace1b7
SHA-256: 57e08d39653d6f641954525653ca73144794f3d2bb6df5111fa0a32925afca96
openssl-static-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 0eda5fa85489c3f70345e6a737e58659
SHA-256: aaf825cb23fd83057759ccb0b1202a09ef3e00761d199d8100bbc83ab4e60f32
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
openssl-1.0.1e-15.el6.src.rpm
File outdated by:  RHBA-2015:1398
    MD5: 6100c27b7577e610f453c0e8a2cbfa34
SHA-256: 856e992b500ad88dd2bfe24dc3f7e137f46825970bda935c81e9a14d9be52d04
 
x86_64:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 7e112ffd3edef2cb3f73f96b202efd0e
SHA-256: ec741ea9d568bbde2239ab32245685d4632ba20553f544f76f5ca358e73867b4
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-debuginfo-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: ef3f8df19b90ccff8873625bcb06df78
SHA-256: 7939b0825586375fbd85ec11ccf5082503b96330e7aa787713952dc3218ec7e0
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-devel-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: e362e2207b3f5bf0e5ce474e86eb3083
SHA-256: a28d4ab16cf23d543a211f52438210fe8c109a0d0afe9606f0d254a37f036ae1
openssl-perl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 758dbc594cbb94239d32ef5c6cace1b7
SHA-256: 57e08d39653d6f641954525653ca73144794f3d2bb6df5111fa0a32925afca96
openssl-static-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 0eda5fa85489c3f70345e6a737e58659
SHA-256: aaf825cb23fd83057759ccb0b1202a09ef3e00761d199d8100bbc83ab4e60f32
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openssl-1.0.1e-15.el6.src.rpm
File outdated by:  RHBA-2015:1398
    MD5: 6100c27b7577e610f453c0e8a2cbfa34
SHA-256: 856e992b500ad88dd2bfe24dc3f7e137f46825970bda935c81e9a14d9be52d04
 
IA-32:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-perl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: fde59ec5e11bf6e27efee0104361b3ab
SHA-256: 64b29defbf490bd41d6fcbbb8cf1edba23ec33080ec494a52135060d59b16a36
openssl-static-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 579a9f7700ff01bd5febd6512c6ee95e
SHA-256: 576fe28abb24d3d90f629d9b1b5033606849ff2ddaabb0333099607f95375168
 
PPC:
openssl-1.0.1e-15.el6.ppc.rpm
File outdated by:  RHBA-2015:1398
    MD5: 7402fdfd3613a109da4630909976cc64
SHA-256: c3583c132c08b6d1b5de299b59cbbd3224d214fcd9b7ddf8f3b24deed44f3ae6
openssl-1.0.1e-15.el6.ppc64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 3ed8e353738639a4e6bb54e7532f7bea
SHA-256: 367fff1ebb86ac2bb5e4cbfe5b01aa026f7a94ce308af44352af732d769a9817
openssl-debuginfo-1.0.1e-15.el6.ppc.rpm
File outdated by:  RHBA-2015:1398
    MD5: fc7063efe03094692808248579c04841
SHA-256: 012dd307935e66d420dff81b6ac6257b436fb5daa2aff1e38380d1edbf0c8c66
openssl-debuginfo-1.0.1e-15.el6.ppc64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 87be20408815ab8a14e85569cb3c0674
SHA-256: a72e249632998696a2a84ec735370f5f79f6ae51a6a8cb2d79e240a1963cb429
openssl-devel-1.0.1e-15.el6.ppc.rpm
File outdated by:  RHBA-2015:1398
    MD5: 725829a0d7f72bbe1366987450c8ec3f
SHA-256: 11941768ea97336d268b8dbcd4e3ab7b57dc0226593576382217512b0dde37e9
openssl-devel-1.0.1e-15.el6.ppc64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 7f5c97608e723405933883ad8f14bb66
SHA-256: 6b10dcea3f4e32b8c97ab56570f2c9e16b11ab9c25b1f462cf2700d736375de1
openssl-perl-1.0.1e-15.el6.ppc64.rpm
File outdated by:  RHBA-2015:1398
    MD5: a89c7a8d4d60885db20c371a5ad667e2
SHA-256: d6f27b26708a22a73ba0ece188325906953d3d2c314428cfa040880602153d1c
openssl-static-1.0.1e-15.el6.ppc64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 749ea190049a2545cb85c5a9bc0384b4
SHA-256: fac8448d468f67284841e22cd42e8f88d10b7bd300bd53d86d9f38268f512f1a
 
s390x:
openssl-1.0.1e-15.el6.s390.rpm
File outdated by:  RHBA-2015:1398
    MD5: ebcb84d63caeef78b3a275da2140e8f1
SHA-256: 0a528d729bac4452a6bc5ee8ce1a1b8d439a3a31872fb5b97682f77de98bc61d
openssl-1.0.1e-15.el6.s390x.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5732dbd7a25edb56a21664c6f6fbacd3
SHA-256: 29beda2b4612386f500379df9e45d4942c6ed9c358620e8457ab82972c771a09
openssl-debuginfo-1.0.1e-15.el6.s390.rpm
File outdated by:  RHBA-2015:1398
    MD5: 351f54334b6385f76ec3c9c08b296deb
SHA-256: d4ec44f5a16d26de380c48c25646f90aa14f2441ea503ad54c694244f84dc38e
openssl-debuginfo-1.0.1e-15.el6.s390x.rpm
File outdated by:  RHBA-2015:1398
    MD5: 813397b01131ad991e2e195e571a6a5e
SHA-256: cc2c7c79820bf30a8a987f1aa1de1db61888134987b48e64e672828baa6ff550
openssl-devel-1.0.1e-15.el6.s390.rpm
File outdated by:  RHBA-2015:1398
    MD5: b3578cc241557f8f6111af0e01aded0a
SHA-256: d611dae9d967c07413fe92a07c9cf26008b459e201fd27de4b67fe78f06e6706
openssl-devel-1.0.1e-15.el6.s390x.rpm
File outdated by:  RHBA-2015:1398
    MD5: 40dd3e732852aaeb15bd2793439e0bfc
SHA-256: 0d9b3b901020748685e7309ce02e5f125eadd40540c440c8ab0e25317093644d
openssl-perl-1.0.1e-15.el6.s390x.rpm
File outdated by:  RHBA-2015:1398
    MD5: 43864b58c53997977e6bac989aa900ce
SHA-256: 1454b15ab086dcf32ef8312a0501372fe27128061f4c6cb4e3b83ad73e7598e2
openssl-static-1.0.1e-15.el6.s390x.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5e853dce2b42cd086ff9310d4b8319be
SHA-256: 57aa54a0074b0980012f6710aa52343fcd10934142c1ffef97eb40379f5c2bff
 
x86_64:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 7e112ffd3edef2cb3f73f96b202efd0e
SHA-256: ec741ea9d568bbde2239ab32245685d4632ba20553f544f76f5ca358e73867b4
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-debuginfo-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: ef3f8df19b90ccff8873625bcb06df78
SHA-256: 7939b0825586375fbd85ec11ccf5082503b96330e7aa787713952dc3218ec7e0
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-devel-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: e362e2207b3f5bf0e5ce474e86eb3083
SHA-256: a28d4ab16cf23d543a211f52438210fe8c109a0d0afe9606f0d254a37f036ae1
openssl-perl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 758dbc594cbb94239d32ef5c6cace1b7
SHA-256: 57e08d39653d6f641954525653ca73144794f3d2bb6df5111fa0a32925afca96
openssl-static-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 0eda5fa85489c3f70345e6a737e58659
SHA-256: aaf825cb23fd83057759ccb0b1202a09ef3e00761d199d8100bbc83ab4e60f32
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openssl-1.0.1e-15.el6.src.rpm
File outdated by:  RHBA-2015:1398
    MD5: 6100c27b7577e610f453c0e8a2cbfa34
SHA-256: 856e992b500ad88dd2bfe24dc3f7e137f46825970bda935c81e9a14d9be52d04
 
IA-32:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-perl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: fde59ec5e11bf6e27efee0104361b3ab
SHA-256: 64b29defbf490bd41d6fcbbb8cf1edba23ec33080ec494a52135060d59b16a36
openssl-static-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 579a9f7700ff01bd5febd6512c6ee95e
SHA-256: 576fe28abb24d3d90f629d9b1b5033606849ff2ddaabb0333099607f95375168
 
x86_64:
openssl-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 5a7a53abfaf11d0dcc4995d7085447bb
SHA-256: 5a7dcb455f5eb86fb6451ffe206b129e21b0ac8f982305a8c29e8e22a961d6a9
openssl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 7e112ffd3edef2cb3f73f96b202efd0e
SHA-256: ec741ea9d568bbde2239ab32245685d4632ba20553f544f76f5ca358e73867b4
openssl-debuginfo-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: 8298c2a501883ae4481af3f3c3c9a2cf
SHA-256: aba7d80b9b4d453a8ae9d935dca4067f149798e17a7681275a21ab06fb92ad9e
openssl-debuginfo-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: ef3f8df19b90ccff8873625bcb06df78
SHA-256: 7939b0825586375fbd85ec11ccf5082503b96330e7aa787713952dc3218ec7e0
openssl-devel-1.0.1e-15.el6.i686.rpm
File outdated by:  RHBA-2015:1398
    MD5: ade201ece63b98f6e1b0f517ee4110e4
SHA-256: cb080eefbc26e31341c74d85f5b411aef9516256ce198db3fe3f899ab62f24ed
openssl-devel-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: e362e2207b3f5bf0e5ce474e86eb3083
SHA-256: a28d4ab16cf23d543a211f52438210fe8c109a0d0afe9606f0d254a37f036ae1
openssl-perl-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 758dbc594cbb94239d32ef5c6cace1b7
SHA-256: 57e08d39653d6f641954525653ca73144794f3d2bb6df5111fa0a32925afca96
openssl-static-1.0.1e-15.el6.x86_64.rpm
File outdated by:  RHBA-2015:1398
    MD5: 0eda5fa85489c3f70345e6a737e58659
SHA-256: aaf825cb23fd83057759ccb0b1202a09ef3e00761d199d8100bbc83ab4e60f32
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1003922 - openssh update kills sshd daemon with FATAL FIPS SELFTEST FAILURE
1009027 - openssl speed cmd fails on FIPS enabled machine
1009995 - Memory leak in FIPS_selftest_aes_ccm and FIPS_selftest_aes_gcm
1012481 - s_server -dtls1 crashes in FIPS mode
987411 - Current openssl version does not support 'Next Protocol Negotiation'.



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/