Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+ between NIDs and the more common NIST names such as "P-256". Enhance
+ ecparam utility and ECC method to recognise the NIST names for curves.
+ [Steve Henson]
+
*) Enhance SSL/TLS certificate chain handling to support different
chains for each certificate instead of one chain in the parent SSL_CTX.
[Steve Henson]
the correct format in RSA_verify so both forms transparently work.
[Steve Henson]
+ *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+ STRING form instead of a DigestInfo.
+ [Steve Henson]
+
*) Some servers which support TLS 1.0 can choke if we initially indicate
support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
encrypted premaster secret. As a workaround use the maximum pemitted
Add command line options to s_client/s_server.
[Steve Henson]
+ Changes between 1.0.0g and 1.0.0h [xx XXX xxxx]
+
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+ [Steve Henson]
+
Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.