X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=NEWS;h=dd7e141ab98f6d2c00c5687918ba048a3a39cdb0;hb=b04f947941d08b5d077a63b017ecee5e4e2e11cc;hp=3a20deb07ceeacb5c868f0db25e779389cd8ce94;hpb=9b13e27c28364b6c0f18bd6674c4c9d2a5e2dea0;p=openssl.git diff --git a/NEWS b/NEWS index 3a20deb07c..dd7e141ab9 100644 --- a/NEWS +++ b/NEWS @@ -5,8 +5,9 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2g and OpenSSL 1.1.0 [in pre-release] + Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release] + o "shared" builds are now the default when possible o Added support for "pipelining" o Added the AFALG engine o New threading API implemented @@ -14,8 +15,8 @@ o Support for extended master secret o CCM ciphersuites o Reworked test suite, now based on perl, Test::Harness and Test::More - o Various libcrypto structures made opaque including: BIGNUM, EVP_MD, - EVP_MD_CTX, HMAC_CTX, EVP_CIPHER and EVP_CIPHER_CTX. + o *Most* libcrypto and libssl structures were made opaque including: + o libssl internal structures made opaque o SSLv2 support removed o Kerberos ciphersuite support removed @@ -43,6 +44,20 @@ o Extended SSL_CONF support using configuration files o KDF algorithm support. Implement TLS PRF as a KDF. o Support for Certificate Transparency + o HKDF support. + + Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] + + o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) + o Fix EVP_EncodeUpdate overflow (CVE-2016-2105) + o Fix EVP_EncryptUpdate overflow (CVE-2016-2106) + o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) + o EBCDIC overread (CVE-2016-2176) + o Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + o Remove LOW from the DEFAULT cipher list. This removes singles DES from + the default. + o Only remove the SSLv2 methods with the no-ssl2-method option. Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]