X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=CHANGES;h=0d784d426318cc60fac85fc8f67f869c39deb842;hb=ad2695b1b753caa53d9127a6e869ed3692b08fee;hp=6c1a127ec9e478d3b0e05054194425f99d6d0a68;hpb=4d524040bc81d2db46a5530ba10a98686ab1c3ca;p=openssl.git

diff --git a/CHANGES b/CHANGES
index 6c1a127ec9..0d784d4263 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,26 @@
 
  Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
 
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt
+     remain enabled for now, but are just as unofficial, and the ID
+     has long expired; these will probably disappear soon.
+     [Bodo Moeller]
+
+  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+     macro.
+     [Bodo Moeller]
+
   *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
      dedicated Montgomery multiplication procedure, is introduced.
      BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
@@ -51,6 +71,36 @@
   *) Add print and set support for Issuing Distribution Point CRL extension.
      [Steve Henson]
 
+ Changes between 0.9.8a and 0.9.8b  [XX xxx XXXX]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
  Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
 
   *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
@@ -78,7 +128,7 @@
 
   *) Extended Windows CE support.
      [Satoshi Nakamura and Andy Polyakov]
- 
+
   *) Initialize SSL_METHOD structures at compile time instead of during
      runtime, thus removing the need for a lock.
      [Steve Henson]
@@ -977,6 +1027,9 @@
 
  Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
 
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Fixes for newer kerberos headers. NB: the casts are needed because
      the 'length' field is signed on one version and unsigned on another
      with no (?) obvious way to tell the difference, without these VC++