ID: 171
Name: SSL_Updates_752
Version: 1.09
Dependences: 138, 131
Description: Version 1.0@@@HTTPS transactions were found to be quite slow. A recv call in function recv_with_timeout was performing non-blocking recvs without a select and just performing a one-second sleep between recv calls. A select call was added, which reduced the amount of time spent sleeping and greatly reduced the time to complete an SSL handshake transaction.@@@Version 1.01@@@Mitigates the POODLE SSL attack by blocking any SSLv3 connection attempts. (NETOS-105)@@@Version 1.02@@@Updated to OpenSSL version 1.0.2e - requires BSP Update v1.19@@@@@@KNOWN LIMITATIONS@@@-----------------@@@This OpenSSL 1.0.2e update does not integrate Digi Device Cloud functionality (formerly known as iDigi). The Device Cloud update will be delivered as a future update to NET+OS. Customers using the NET+OS Device Cloud capabilities are advised not to apply this update.@@@@@@IMPORTANT NOTES@@@---------------@@@The average binary image size will increase by 200KB (or more) when linking in the new OpenSSL 1.0.2e libraries.@@@@@@Version 1.03@@@1. Use AES cipher list instead of HTTPS cipher list@@@2. Fix bug in wds_tls_setup_start (wds_tls_setup.c) in which app cert was mistakenly ignored.@@@3. Update certificate date range to go from 2015 to 2035.@@@@@@Version 1.04@@@Changed port number in src/examples/nasslclient/root.c to match example in readme file.@@@Only check certs when the cert verify flag is NOT set to SSL_CERTIFICATE_VERIFY_NONE. (NETOS-175)@@@@@@Version 1.05@@@Fixed a memory leak. (NETOS-184)@@@@@@Version 1.06@@@Modified the NASSLX509Generate function so it can now generate certificates signed using SHA1, SHA256, and SHA512 hash functions. Updated the DigiESPProject web server so that it generates a self-signed certificate using SHA256. These changes were made because modern web servers no longer allow certificates signed with MD5. (NETOS-183)@@@@@@Version 1.07@@@HTTPS and TLS threads were corrupted because of race conditions and when reaching gHttpsProxyConnectionCount. TLS_MAX_CONNECTIONS increased from 8 to 9 to match gHttpsProxyConnectionCount. Some socket comparisons changed from > 0 to >= 0. (NETOS-192)@@@@@@Version 1.08@@@Changes to add subjectAltName to the server certificate to work with latest versions of Chrome. (NETOS-207)@@@Avoid double initialization of RNG (NETOS-229)@@@@@@Version 1.09@@@Fix SSL connection when not using certificate database.@@@Fix SSL connection when using non-blocking sockets. (NETOS-278)@@@
Minidescription: SSL updates since the release of NET+OS 7.5.2
platformversion: 7.5
Revision: 2
platform: netos
Relevance: RECOMMENDED
Filename: SSL_Updates_752_171.dipk
Date: 06/10/2020
Type: fix
Target: environment
neededfiles: none
Size: 15293kb
Installedsize: 38946kb
Checksum: 1f7a1d49f0d05913f791857f2ee51f38
