Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Version negotiation has been rewritten. In particular SSLv23_method(),
+ SSLv23_client_method() and SSLv23_server_method() have been deprecated,
+ and turned into macros which simply call the new preferred function names
+ TLS_method(), TLS_client_method() and TLS_server_method(). All new code
+ should use the new names instead. Also as part of this change the ssl23.h
+ header file has been removed.
+ [Matt Caswell]
+
+ *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
+ code and the associated standard is no longer considered fit-for-purpose.
+ [Matt Caswell]
+
*) Added HTTP GET support to the ocsp command.
[Rich Salz]
- *) RAND_pseudo_bytes has been deprecated. Users should use RAND bytes instead.
+ *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
+ [Matt Caswell]
*) Added support for TLS extended master secret from
draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.2 and 1.0.2a [xx XXX xxxx]
+ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
+
+ *) Only support 256-bit or stronger elliptic curves with the
+ 'ecdh_auto' setting (server) or by default (client). Of supported
+ curves, prefer P-256 (both).
+ [Emilia Kasper]
+
+ Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
*) ClientHello sigalgs DoS fix
[Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
*) Correct util/mkdef.pl to be selective about disabled algorithms.
- Previously, it would create entries for disableed algorithms no
+ Previously, it would create entries for disabled algorithms no
matter what.
[Richard Levitte]