X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=CHANGES;h=685f98c5010a6ca9d90b536b044285d012b682e6;hb=98b3b116ab678532eb288f79cf73c1e8f8d3db6d;hp=c444b24a2c1e612eced338aeeed589ee5fe8938d;hpb=61aa44ca99473f9cabdfb2d3b35abd0b473437d1;p=openssl.git diff --git a/CHANGES b/CHANGES index c444b24a2c..685f98c501 100644 --- a/CHANGES +++ b/CHANGES @@ -34,6 +34,10 @@ MPE/iX Sinix/ReliantUNIX RM400 DGUX + NCR + Tandem + Cray + WIN16 [Rich Salz] *) Experimental support for a new, fast, unbiased prime candidate generator, @@ -337,6 +341,14 @@ Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] @@ -659,6 +671,23 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX.