Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
+ *) Deprecate ec2_mult.c and unify scalar multiplication code paths for
+ binary and prime elliptic curves.
+ [Billy Bob Brumley]
+
+ *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for
+ constant time fixed point multiplication.
+ [Billy Bob Brumley]
+
+ *) Updated CONTRIBUTING
+ [Rich Salz]
+
+ *) Updated DRBG / RAND to request nonce and additional low entropy
+ randomness from the system.
+ [Matthias St. Pierre]
+
+ *) Updated 'openssl rehash' to use OpenSSL consistent default.
+ [Richard Levitte]
+
+ *) Moved the load of the ssl_conf module to libcrypto, which helps
+ loading engines that libssl uses before libssl is initialised.
+ [Matt Caswell]
+
+ *) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA
+ [Matt Caswell]
+
+ *) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases.
+ [Ingo Schwarze, Rich Salz]
+
+ *) Added output of accepting IP address and port for 'openssl s_server'
+ [Richard Levitte]
+
+ *) Added a new API for TLSv1.3 ciphersuites:
+ SSL_CTX_set_ciphersuites()
+ SSL_set_ciphersuites()
+ [Matt Caswell]
+
+ *) Memory allocation failures consistenly add an error to the error
+ stack.
+ [Rich Salz]
+
+ *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values
+ in libcrypto when run as setuid/setgid.
+ [Bernd Edlinger]
+
+ *) Load any config file by default when libssl is used.
+ [Matt Caswell]
+
*) Added new public header file <openssl/rand_drbg.h> and documentation
for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview.
[Matthias St. Pierre]
below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
In order to avoid issues where legacy TLSv1.2 ciphersuite configuration
would otherwise inadvertently disable all TLSv1.3 ciphersuites the
- configuraton has been separated out. See the ciphers man page or the
+ configuration has been separated out. See the ciphers man page or the
SSL_CTX_set_ciphersuites() man page for more information.
[Matt Caswell]