We should implement a countermeasure against the predictable-IV CBC

[openssl.git] / STATUS

diff --git a/STATUS b/STATUS
index e2a132da384aa3e3a8515ecdfd0205fb8d2cd6c7..3a6d0ae43506b7c2d8520945fefbc8dda916f6c1 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,10 +1,11 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2001/09/14 08:45:43 $
+  ______________                           $Date: 2002/02/13 10:21:25 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.6c: Released on December  21st, 2001
     o  OpenSSL 0.9.6b: Released on July       9th, 2001
     o  OpenSSL 0.9.6a: Released on April      5th, 2001
     o  OpenSSL 0.9.6:  Released on September 24th, 2000
@@ -23,10 +24,7 @@
 
   AVAILABLE PATCHES
 
-    o IA-64 (a.k.a. Intel Itanium) public-key operation performance 
-      patch for Linux is available for download at
-      http://www.openssl.org/~appro/096b.linux-ia64.diff. As URL
-      suggests the patch is relative to OpenSSL 0.9.6b.
+    o 
 
   IN PROGRESS
 
@@ -51,6 +49,15 @@
 
   NEEDS PATCH
 
+    o  An (optional) countermeasure against the predictable-IV CBC
+       weakness in SSL/TLS should be added; see
+       http://www.openssl.org/~bodo/tls-cbc.txt
+
+    o  All 'openssl' subprograms taking '-des' and '-des3' options should
+       include AES support (0.9.7-dev)
+
+    o  'openssl speed' should include AES support (0.9.7-dev)
+
     o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
 
     o  OpenSSL_0_9_6-stable:
@@ -106,6 +113,10 @@
 
   WISHES
 
+    o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
+       where the callback function can request that the function be aborted.
+       [Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]
+
     o  SRP in TLS.
        [wished by:
         Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,