### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * 'Configure' has been changed to figure out the configuration target if
+ none is given on the command line. Consequently, the 'config' script is
+ now only a mere wrapper. All documentation is changed to only mention
+ 'Configure'.
+
+ *Rich Salz and Richard Levitte*
+
+ * Added a library context that applications as well as other
+ libraries can use to form a separate context within which libcrypto
+ operations are performed.
+
+ There are two ways this can be used:
+
+ - Directly, by passing a library context to functions that take
+ such an argument, such as `EVP_CIPHER_fetch` and similar algorithm
+ fetching functions.
+ - Indirectly, by creating a new library context and then assigning
+ it as the new default, with `OPENSSL_CTX_set0_default`.
+
+ All public OpenSSL functions that take an `OPENSSL_CTX` pointer,
+ apart from the functions directly related to `OPENSSL_CTX`, accept
+ NULL to indicate that the default library context should be used.
+
+ Library code that changes the default library context using
+ `OPENSSL_CTX_set0_default` should take care to restore it with a
+ second call before returning to the caller.
+
+ *Richard Levitte*
+
+ * Handshake now fails if Extended Master Secret extension is dropped
+ on renegotiation.
+
+ *Tomas Mraz*
+
* Dropped interactive mode from the 'openssl' program. From now on,
the `openssl` command without arguments is equivalent to `openssl
help`.
*Paul Dale*
+ * The security strength of SHA1 and MD5 based signatures in TLS has been
+ reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
+ working at the default security level of 1 and instead requires security
+ level 0. The security level can be changed either using the cipher string
+ with @SECLEVEL, or calling SSL_CTX_set_security_level().
+
+ *Kurt Roeckx*
+
* EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and
EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side
internal keys, if they correspond to one of those built in types.
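Review bot: the library context entry tells library code to restore the default "with a second call" to `OPENSSL_CTX_set0_default`, but nothing in the entry says how the caller obtains the previous default context to pass to that second call. Please state where that value comes from, since a library that guesses wrong leaves the application running in the wrong context. Separately, in the SHA1/MD5 entry, "no longer working at the default security level of 1 and instead requires security level 0" mixes subjects (the protocols "require"), and `@SECLEVEL` and `SSL_CTX_set_security_level()` should be in backticks to match the entry above.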
and HMAC_CTX_get_md.
Use of these low level functions has been informally discouraged for a long
- time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
- L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+ time. Instead applications should use L<EVP_MAC_new_ctx(3)>,
+ L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
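Review bot: the HMAC entry now points readers at EVP_MAC_new_ctx and EVP_MAC_free_ctx, but the lines shown contain no entry recording that these replace the EVP_MAC_CTX_new and EVP_MAC_CTX_free names given before. Anyone who already migrated on the earlier advice gets no notice from this text that the names changed. Consider adding a short entry for the rename, or mentioning the old names here.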
CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
Use of these low level functions has been informally discouraged for a long
- time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
- L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+ time. Instead applications should use L<EVP_MAC_new_ctx(3)>,
+ L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
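Review bot: the CMAC entry keeps the POD link form, "L<EVP_MAC_new_ctx(3)>, L<EVP_MAC_free_ctx(3)>", in a file that otherwise uses Markdown (the `###` heading, `*Paul Dale*`, and backticked names in the library context entry). Since these two lines are being touched anyway, consider switching the references to backticked function names so they render consistently. The same applies to the identical replacement in the HMAC entry.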