• Fixes several compiler warning about unchecked error handling. Analysis of
affected code did not find any readily explitable attack vector; so this
gets fixed as a preventative measure.
• Add TLS1.1 and TLS1.2 OpenSSL modules.
• A number of changes to the SSL configuration settings. A stock
installation should come up using DH parameters by default. This is done by
removing the TLS_DHCERTFILE setting, and replacing it with a TLS_DHPARAMS
setting that loads a file containing DH parameters only (TLS_DHCERTFILE's
ancillary functionality is merged into TLS_CERTFILE).
• The default startup script runs a new mkdhparams script, which creates the
DH parameter file if it does not exist. The RPM package installs a monthly
cron job that creates a new DH parameter file.