update and sync ordinals

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 210f90e86de811e4164c0220d7b9ac5a043a5f4d..ca5075cc2314a3779a6b6b2e1b953a97032307bf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
 
+  *) Add an "external" session cache for debugging purposes to s_server. This
+     should help trace issues which normally are only apparent in deployed
+     multi-process servers.
+     [Steve Henson]
+
   *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
      a few changes are required:
 
@@ -39,6 +44,15 @@
 
  Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx]
 
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz@vcpc.univie.ac.at>]
+
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+
   *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
      change when encrypting or decrypting.
      [Bodo Moeller]
@@ -895,7 +909,7 @@
      the updated NID creation version. This should correctly handle UTF8.
      [Steve Henson]
 
-  *) Implement draft-ietf-tls-renegotiation. Re-enable
+  *) Implement draft-ietf-tls-renegotiation-03. Re-enable
      renegotiation but require the extension as needed. Unfortunately,
      SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
      bad idea. It has been replaced by