openssl-1.0.0-10.AXS4

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Security issues fixed with this release:
CVE-2011-0014
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability.
Fixed bugs:
- fix OCSP stapling vulnerability
- correct the README.FIPS document
- add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode
- listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6
- fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers