OpenSSL Releases
----------------
+ - [OpenSSL 3.4](#openssl-34)
- [OpenSSL 3.3](#openssl-33)
- [OpenSSL 3.2](#openssl-32)
- [OpenSSL 3.1](#openssl-31)
- [OpenSSL 1.0.0](#openssl-100)
- [OpenSSL 0.9.x](#openssl-09x)
+OpenSSL 3.4
+-----------
+
+### Changes between 3.3 and 3.4 [xx XXX xxxx]
+
+ * Added options `-not_before` and `-not_after` for explicit setting
+ start and end dates of certificates created with the `req` and `x509`
+ apps. Added the same options also to `ca` app as alias for
+ `-startdate` and `-enddate` options.
+
+ *Stephan Wurm*
+
+ * The X25519 and X448 key exchange implementation in the FIPS provider
+ is unapproved and has `fips=no` property.
+
+ * Tomas Mraz*
+
+ * Use an empty renegotiate extension in TLS client hellos instead of
+ the empty renegotiation SCSV, for all connections with a minimum TLS
+ version > 1.0.
+
+ *Tim Perry*
+
+ * Added support for requesting CRL in CMP.
+
+ This work was sponsored by Siemens AG.
+
+ *Rajeev Ranjan*
+
+ * Added Attribute Certificate (RFC 5755) support. Attribute
+ Certificates can be created, parsed, modified and printed via the
+ public API. There is no command-line tool support at this time.
+
+ *Damian Hobson-Garcia*
+
OpenSSL 3.3
-----------
### Changes between 3.2 and 3.3 [xx XXX xxxx]
+ * The `-verify` option to the `openssl crl` and `openssl req` will make
+ the program exit with 1 on failure.
+
+ *Vladimír Kotal*
+
+ * The BIO_get_new_index() function can only be called 127 times before it
+ reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an
+ error of -1 once it is exhausted. Users may need to reserve using this
+ function for cases where BIO_find_type() is required. Either BIO_TYPE_NONE
+ or BIO_get_new_index() can be used to supply a type to BIO_meth_new().
+
+ *Shane Lontis*
+
* Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
using time_t which is Y2038 safe on 32 bit systems when 64 bit time
is enabled (e.g via setting glibc macro _TIME_BITS=64).
*Hugo Landau*
+ * Limited support for polling of QUIC connection and stream objects in a
+ non-blocking manner. Refer to the SSL_poll(3) manpage for details.
+
+ *Hugo Landau*
+
+ * Added APIs to allow querying the size and utilisation of a QUIC stream's
+ write buffer. Refer to the SSL_get_value_uint(3) manpage for details.
+
+ *Hugo Landau*
+
+ * New limit on HTTP response headers is introduced to HTTP client. The
+ default limit is set to 256 header lines. If limit is exceeded the
+ response processing stops with error HTTP_R_RESPONSE_TOO_MANY_HDRLINES.
+ Application may call OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3)
+ to change the default. Setting the value to 0 disables the limit.
+
+ *Alexandr Nedvedicky*
+
+ * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
+
+ *Tom Cosgrove*
+
+ * Added X509_STORE_get1_objects to avoid issues with the existing
+ X509_STORE_get0_objects API in multi-threaded applications. Refer to the
+ documentation for details.
+
+ *David Benjamin*
+
+ * Added assembly implementation for md5 on loongarch64
+
+ *Min Zhou*
+
+ * Optimized AES-CTR for ARM Neoverse V1 and V2
+
+ *Fisher Yu*
+
+ * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
+ similar to M1/M2.
+
+ *Tom Cosgrove*
+
+ * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
+ times with different output sizes.
+
+ *Shane Lontis, Holger Dengler*
+
+ * Various optimizations for cryptographic routines using RISC-V vector crypto
+ extensions
+
+ *Christoph Müllner, Charalampos Mitrodimas, Ard Biesheuvel, Phoebe Chen,
+ Jerry Shih*
+
+ * Accept longer context for TLS 1.2 exporters
+
+ While RFC 5705 implies that the maximum length of a context for exporters is
+ 65535 bytes as the length is embedded in uint16, the previous implementation
+ enforced a much smaller limit, which is less than 1024 bytes. This
+ restriction has been removed.
+
+ *Daiki Ueno*
+
OpenSSL 3.2
-----------
### Changes between 3.2.1 and 3.2.2 [xx XXX xxxx]
+ * Fixed an issue where some non-default TLS server configurations can cause
+ unbounded memory growth when processing TLSv1.3 sessions. An attacker may
+ exploit certain server configurations to trigger unbounded memory growth that
+ would lead to a Denial of Service
+
+ This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option
+ is being used (but not if early_data is also configured and the default
+ anti-replay protection is in use). In this case, under certain conditions,
+ the session cache can get into an incorrect state and it will fail to flush
+ properly as it fills. The session cache will continue to grow in an unbounded
+ manner. A malicious client could deliberately create the scenario for this
+ failure to force a Denial of Service. It may also happen by accident in
+ normal operation.
+
+ ([CVE-2024-2511])
+
+ *Matt Caswell*
+
* Fixed bug where SSL_export_keying_material() could not be used with QUIC
connections. (#23560)
<!-- Links -->
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129