X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=8fcfcceef1ed1bd22791d52079ee0c3660866539;hp=f8dfbd427c3ba06ccfee8266c89a92d366e232fe;hb=d62bc5d30f7d9519aeff9160f98b9ad9aa592c41;hpb=4fec91506975f62a2f93be71a46acc7fae7eef45

diff --git a/CHANGES b/CHANGES
index f8dfbd427c..8fcfcceef1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,17 @@
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
 
+  *) Added support for TLS extended master secret from
+     draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
+     initial patch which was a great help during development.
+     [Steve Henson]
+
+  *) All libssl internal structures have been removed from the public header
+     files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
+     now redundant). Users should not attempt to access internal structures
+     directly. Instead they should use the provided API functions.
+     [Matt Caswell]
+
   *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
      Access to deprecated functions can be re-enabled by running config with
      "enable-deprecated". In addition applications wishing to use deprecated
@@ -26,6 +37,9 @@
      done while fixing the error code for the key-too-small case.
      [Annie Yousar <a.yousar@informatik.hu-berlin.de>]
 
+  *) Removed old DES API.
+     [Rich Salz]
+
   *) Remove various unsupported platforms:
 	Sony NEWS4
 	BEOS and BEOS_R5
@@ -34,6 +48,22 @@
 	MPE/iX
 	Sinix/ReliantUNIX RM400
 	DGUX
+	NCR
+	Tandem
+	Cray
+	16-bit platforms such as WIN16
+     [Rich Salz]
+
+  *) Start cleaning up OPENSSL_NO_xxx #define's
+	OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+	OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+	Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+        Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+        Remove MS_STATIC; it's a relic from platforms <32 bits.
+     [Rich Salz]
+
+  *) Start cleaning up dead code
+        Remove all but one '#ifdef undef' which is to be looked at.
      [Rich Salz]
 
   *) Experimental support for a new, fast, unbiased prime candidate generator,
@@ -670,7 +700,8 @@
   *) Abort handshake if server key exchange message is omitted for ephemeral
      ECDH ciphersuites.
 
-     Thanks to Karthikeyan Bhargavan for reporting this issue.
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
      (CVE-2014-3572)
      [Steve Henson]
 
@@ -678,7 +709,8 @@
      violated the TLS standard by allowing the use of temporary RSA keys in
      non-export ciphersuites and could be used by a server to effectively
      downgrade the RSA key length used to a value smaller than the server
-     certificate. Thanks for Karthikeyan Bhargavan for reporting this issue.
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
      (CVE-2015-0204)
      [Steve Henson]