X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=cc9405c3bcdb6218dd70522420fa779a07308cd7;hp=f8cb8c08311ec09230a1e9c448b9eb9260d94699;hb=63b815583b467b8ca49ded29776f50a2f7906f00;hpb=ef5f6a08ff259d97236bfaa398f47f6700f86ddd diff --git a/NEWS b/NEWS index f8cb8c0831..cc9405c3bc 100644 --- a/NEWS +++ b/NEWS @@ -5,14 +5,115 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Configuration: Irix fixes, AIX fixes, better mingw support. + o Support for new platforms: linux-ia64-ecc. + o Build: shared library support fixes. + o ASN.1: treat domainComponent correctly. + o Documentation: fixes and additions. + + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: + + o Security: Important security related bugfixes. + o Enhanced compatibility with MIT Kerberos. + o Can be built without the ENGINE framework. + o IA32 assembler enhancements. + o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. + o Configuration: the no-err option now works properly. + o SSL/TLS: now handles manual certificate chain building. + o SSL/TLS: certain session ID malfunctions corrected. + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: o New library section OCSP. - o Complete haul-over of the ASN.1 library section. + o Complete rewrite of ASN1 code. + o CRL checking in verify code and openssl utility. + o Extension copying in 'ca' utility. + o Flexible display options in 'ca' utility. + o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. + o New elliptic curve library section. + o New AES (Rijndael) library section. + o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, + Linux x86_64 + o Extended support for some platforms: VxWorks + o Enhanced support for shared libraries. + o Support for pkg-config. + o Lots of new manuals. + o Change DES API to clean up the namespace (some applications link also + against libdes providing similar functions having the same name). + Provide macros for backward compatibility (will be removed in the + future). + o Unify handling of cryptographic algorithms (software and engine) + to be available via EVP routines for asymmetric and symmetric ciphers. + o NCONF: new configuration handling routines. + o Change API to use more 'const' modifiers to improve error checking + and help optimizers. + o Finally remove references to RSAref. + o Reworked parts of the BIGNUM code. + o Support for new engines: Broadcom ubsec, Accelerated Encryption + Processing, IBM 4758. + o A few new engines added in the demos area. + o Extended and corrected OID (object identifier) table. + o PRNG: query at more locations for a random device, automatic query for + EGD style random sources at several locations. + o SSL/TLS: allow optional cipher choice according to server's preference. + o SSL/TLS: allow server to explicitly set new session ids. + o SSL/TLS: support Kerberos cipher suites (RFC2712). + Only supports MIT Kerberos for now. + o SSL/TLS: allow more precise control of renegotiations and sessions. + o SSL/TLS: add callback to retrieve SSL/TLS messages. + o SSL/TLS: support AES cipher suites (RFC3268). + + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Build: shared library support fixes. + + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: + + o Important security related bugfixes. + + Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: + + o New configuration targets for Tandem OSS and A/UX. + o New OIDs for Microsoft attributes. + o Better handling of SSL session caching. + o Better comparison of distinguished names. + o Better handling of shared libraries in a mixed GNU/non-GNU environment. + o Support assembler code with Borland C. + o Fixes for length problems. + o Fixes for uninitialised variables. + o Fixes for memory leaks, some unusual crashes and some race conditions. + o Fixes for smaller building problems. + o Updates of manuals, FAQ and other instructive documents. + + Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: + + o Important building fixes on Unix. + + Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: + + o Various important bugfixes. + + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + + o Important security related bugfixes. + o Various SSL/TLS library bugfixes. + + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: + + o Various SSL/TLS library bugfixes. + o Fix DH parameter generation for 'non-standard' generators. - Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: + Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: o Various SSL/TLS library bugfixes. o BIGNUM library fixes. @@ -25,7 +126,7 @@ Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. - Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: + Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: o Security fix: PRNG improvements. o Security fix: RSA OAEP check. @@ -58,7 +159,7 @@ o Bug fixes for Win32, HP/UX and Irix. o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and memory checking routines. - o Bug fixes for RSA operations in threaded enviroments. + o Bug fixes for RSA operations in threaded environments. o Bug fixes in misc. openssl applications. o Remove a few potential memory leaks. o Add tighter checks of BIGNUM routines.