Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Added support for TLS extended master secret from
+ draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
+ initial patch which was a great help during development.
+ [Steve Henson]
+
+ *) All libssl internal structures have been removed from the public header
+ files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
+ now redundant). Users should not attempt to access internal structures
+ directly. Instead they should use the provided API functions.
+ [Matt Caswell]
+
*) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
Access to deprecated functions can be re-enabled by running config with
"enable-deprecated". In addition applications wishing to use deprecated
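Review bot: The libssl entry tells users to "use the provided API functions" without naming any accessor or pointing at documentation, which makes the breaking change hard to act on. Since OPENSSL_NO_SSL_INTERN is removed in the same entry, name a representative replacement or the relevant manual page so callers that read struct fields directly know where to migrate. Separately, in the extended master secret entry, "Thanks for Alfredo Pironti" should read "Thanks to Alfredo Pironti".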
done while fixing the error code for the key-too-small case.
[Annie Yousar <a.yousar@informatik.hu-berlin.de>]
+ *) Removed old DES API.
+ [Rich Salz]
+
*) Remove various unsupported platforms:
Sony NEWS4
BEOS and BEOS_R5
MPE/iX
Sinix/ReliantUNIX RM400
DGUX
+ NCR
+ Tandem
+ Cray
+ 16-bit platforms such as WIN16
+ [Rich Salz]
+
+ *) Start cleaning up OPENSSL_NO_xxx #define's
+ OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+ OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+ Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+ Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+ Remove MS_STATIC; it's a relic from platforms <32 bits.
+ [Rich Salz]
+
+ *) Start cleaning up dead code
+ Remove all but one '#ifdef undef' which is to be looked at.
[Rich Salz]
*) Experimental support for a new, fast, unbiased prime candidate generator,
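Review bot: The OPENSSL_NO_xxx cleanup entry does not say whether the old names (OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD, OPENSSL_NO_FP_API, OPENSSL_SYSNAME_xxx) are still honoured. A build or application that defines or tests one of the old macros would stop matching with no diagnostic, so state explicitly whether they remain as aliases or must be replaced. The "Removed old DES API" entry has the same gap: it names neither the affected header or functions nor what to use instead. "Remove all but one '#ifdef undef' which is to be looked at" should also identify the remaining occurrence.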
Changes between 1.0.1k and 1.0.2 [xx XXX xxxx]
+ *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
+ ARMv5 through ARMv8, as opposite to "locking" it to single one.
+ So far those who have to target multiple plaforms would compromise
+ and argue that binary targeting say ARMv5 would still execute on
+ ARMv8. "Universal" build resolves this compromise by providing
+ near-optimal performance even on newer platforms.
+ [Andy Polyakov]
+
*) Accelerated NIST P-256 elliptic curve implementation for x86_64
(other platforms pending).
[Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov]
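Review bot: The "universal" ARM build entry has a typo and an awkward phrase: "plaforms" should be "platforms", and "as opposite to" should be "as opposed to". The entry also does not say how such a build is selected (a config target or option), and a reader of CHANGES would want that.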
*) Abort handshake if server key exchange message is omitted for ephemeral
ECDH ciphersuites.
- Thanks to Karthikeyan Bhargavan for reporting this issue.
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
(CVE-2014-3572)
[Steve Henson]
violated the TLS standard by allowing the use of temporary RSA keys in
non-export ciphersuites and could be used by a server to effectively
downgrade the RSA key length used to a value smaller than the server
- certificate. Thanks for Karthikeyan Bhargavan for reporting this issue.
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
(CVE-2015-0204)
[Steve Henson]
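Review bot: The reworded acknowledgement introduces a typo, "INRIA or reporting this issue" should be "INRIA for reporting this issue". While touching the line, "Thanks for Karthikeyan Bhargavan" should be "Thanks to Karthikeyan Bhargavan", matching the wording used in the CVE-2014-3572 entry.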