Compression handling on session resume was badly broken: it always

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index ed3870c7c485b638bc8388327aa4f868e8e167b1..9f15d3d6a1a74023b792a7a34320c6763a33dbeb 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
 
+  *) Add an "external" session cache for debugging purposes to s_server. This
+     should help trace issues which normally are only apparent in deployed
+     multi-process servers.
+     [Steve Henson]
+
   *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
      a few changes are required:
 
@@ -39,6 +44,15 @@
 
  Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx]
 
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
   *) Add load_crls() function to apps tidying load_certs() too. Add option
      to verify utility to allow additional CRLs to be included.
      [Steve Henson]
@@ -863,6 +877,11 @@
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect (but not renegotiate) with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
   *) Add "missing" ssl ctrls to clear options and mode.
      [Steve Henson]