X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=42557a66223bc9901fdf750ad7645b72a47798fa;hp=13e1a91c3ff4a5440c7e77ca6b42030a9bc30b7b;hb=72d3bcd144880d4bbfe0edf2fae211292a1ac2c8;hpb=98186eb4e4aef6262ed6b0f499348defa2c26893 diff --git a/NEWS b/NEWS index 13e1a91c3f..42557a6622 100644 --- a/NEWS +++ b/NEWS @@ -5,14 +5,17 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [in pre-release] + Major changes between OpenSSL 1.0.2g and OpenSSL 1.1.0 [in pre-release] + o Added support for "pipelining" + o Added the AFALG engine + o New threading API implemented o Support for ChaCha20 and Poly1305 added to libcrypto and libssl o Support for extended master secret o CCM ciphersuites o Reworked test suite, now based on perl, Test::Harness and Test::More - o Varous libcrypto structures made opaque including: BIGNUM, EVP_MD, - EVP_MD_CTX and HMAC_CTX. + o Various libcrypto structures made opaque including: BIGNUM, EVP_MD, + EVP_MD_CTX, HMAC_CTX, EVP_CIPHER and EVP_CIPHER_CTX. o libssl internal structures made opaque o SSLv2 support removed o Kerberos ciphersuite support removed @@ -24,10 +27,41 @@ o Support for OCB mode added to libcrypto o Support for asynchronous crypto operations added to libcrypto and libssl o Deprecated interfaces can now be disabled at build time either - relative to the latest relate via the "no-deprecated" Configure + relative to the latest release via the "no-deprecated" Configure argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. o Application software can be compiled with -DOPENSSL_API_COMPAT=version - to ensure that features deprecated before that version are not exposed. + to ensure that features deprecated in that version are not exposed. + o Support for RFC6698/RFC7671 DANE TLSA peer authentication + o Change of Configure to use --prefix as the main installation + directory location rather than --openssldir. The latter becomes + the directory for certs, private key and openssl.cnf exclusively. + o Reworked BIO networking library, with full support for IPv6. + o New "unified" build system + o New security levels + o Support for scrypt algorithm + o Support for X25519 + o Extended SSL_CONF support using configuration files + o KDF algorithm support. Implement TLS PRF as a KDF. + o Support for Certificate Transparency + o HKDF support. + + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) + + Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] + + o DH small subgroups (CVE-2016-0701) + o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] @@ -298,7 +332,7 @@ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]: o Add gcc 4.2 support. - o Add support for AES and SSE2 assembly lanugauge optimization + o Add support for AES and SSE2 assembly language optimization for VC++ build. o Support for RFC4507bis and server name extensions if explicitly selected at compile time.