Changes between 1.0.2e and 1.1.0 [xx XXX xxxx]
+ *) Support for ChaCha20 and Poly1305 added to libcrypto and libssl.
+ [Andy Polyakov]
+
*) New EC_KEY_METHOD, this replaces the older ECDSA_METHOD and ECDH_METHOD
and integrates ECDSA and ECDH functionality into EC. Implementations can
now redirect key generation and no longer need to convert to or from
Note: the ecdsa.h and ecdh.h headers are now no longer needed and just
include the ec.h header file instead.
-
[Steve Henson]
*) Remove support for all 40 and 56 bit ciphers. This includes all the export
*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
- exclude it using the list of supported ciphers.
+ exclude it using the list of supported ciphers. This also means that the
+ "-no_ecdhe" option has been removed from s_server.
[Kurt Roeckx]
*) SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls
*) The demo files in crypto/threads were moved to demo/threads.
[Rich Salz]
- *) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron and sureware.
- [Matt Caswell]
+ *) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron, gmp,
+ and sureware.
+ [Matt Caswell, Rich Salz]
*) New ASN.1 embed macro.
*) Added HTTP GET support to the ocsp command.
[Rich Salz]
+ *) Changed default digest for the dgst and enc commands from MD5 to
+ sha256
+ [Rich Salz]
+
*) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
[Matt Caswell]
*) Added support for OCB mode. OpenSSL has been granted a patent license
compatible with the OpenSSL license for use of OCB. Details are available
- at https://www.openssl.org/docs/misc/OCB-patent-grant-OpenSSL.pdf. Support
+ at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support
for OCB can be removed by calling config with no-ocb.
[Matt Caswell]