Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.

Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.

(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)

Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.

Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.

RFC5114 parameters and X9.42 DH public and private keys.

methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

Submitted by: Emilia Kasper

Submitted by: Adam Langley
Reviewed by: Bodo Moeller

an induced error checking function.

Submitted by: Emilia Kasper (Google)

Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.

NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.

Submitted by: Bob Buckholz <bbuckholz@google.com>

Add explanatory comments to health check code.