OBSOLETE Patch-ID# 150120-03
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
Keywords: security kssl
Synopsis: Obsoleted by: 150120-04 SunOS 5.10_x86: kssl patch
Date: Jan/19/2015
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 10_x86
SunOS Release: 5.10_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 150119
Topic: SunOS 5.10_x86: kssl patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 19492209 19825297 19825374 19828635
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch: 118855-36 120012-14 127128-11 137138-09 144501-19 147148-26 (or greater)
Obsoleted by:
Files included with this patch:
/kernel/drv/amd64/kssl
/kernel/drv/kssl
/usr/include/inet/kssl/ksslapi.h
/usr/lib/kssladm
/usr/sbin/ksslcfg
Problem Description:
19492209 problem with KSSL
19825297 administrative enable or disable particular supported version of SSL/TLS in KSSL
19825374 problem with KSSL
19828635 uninitialized var 'cnt' in create_kssl_entry()
(from 150120-02)
15788601 KSSL fails to serve OpenSSL 1.0.1 client
17213052 15788601 breaks OpenSSL 0.9.[78] clients
(from 150120-01)
15874245 KSSL writes past the dblk buffer if TCP MSS is small
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: Once this patch is installed, it is necessary to reboot the system
        to activate the fixes.

NOTE 2: The previously created KSSL instance will have protocol version
        'SSLv3' disabled by default; only 'TLSv1.0' will be enabled by
        default. It is possible to use command line option '-s' for
        'ksslcfg(1M)' to explicitly specify which SSL/TLS protocol
        versions will be enabled when creating a new KSSL instance.

ksslcfg(1M) man page update for new option '-s':

    -s versions
        Set of versions of SSL/TLS protocol which are
        administratively enabled for Kernel SSL proxy
        module. Recognized values are SSLv3 and TLSv1.0.
        By default only TLSv1.0 is enabled. Note that
        the versions are separated by comma and are
        case-insensitive.

README -- Last modified date: Wednesday, March 2, 2016