Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
+ *) Add support for TLS extensions, specifically for the HostName extension
+ so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new
+ members for HostName support.
+
+ New functions (subject to change):
+
+ SSL_get_servername()
+ SSL_get_servername_type()
+ SSL_set_SSL_CTX()
+
+ New CTRL codes and macros (subject to change):
+
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ - SSL_CTX_set_tlsext_servername_callback()
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+ - SSL_CTX_set_tlsext_servername_arg()
+ SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname()
+ SSL_CTRL_GET_TLSEXT_HOSTNAME [similar to SSL_get_servername()]
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE
+ - SSL_set_tlsext_servername_done()
+
+ openssl s_client has a new '-servername' option.
+
+ openssl s_server has new options '-servername', '-cert2', and '-key2'
+ (subject to change); this allows testing the HostName extension for a
+ specific single host name ('-cert' and '-key' remain fallbacks for
+ handshakes without HostName negotiation).
+
+ [Peter Sylvester, Remy Allais, Christophe Renou]
+
+ *) Whirlpool hash implementation is added.
+ [Andy Polyakov]
+
+ *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to
+ bn(64,32). Because of instruction set limitations it doesn't have
+ any negative impact on performance. This was done mostly in order
+ to make it possible to share assembler modules, such as bn_mul_mont
+ implementations, between 32- and 64-bit builds without hassle.
+ [Andy Polyakov]
+
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
projects / openssl.git / blobdiff