Make D-H safer, include well-known primes.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index c9058ff939c4b147df6e3d524fc5ded349b64e26..a695a4dc635d5bc4810bca8617f7674fb287d5a9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,11 +2,15 @@
  OpenSSL CHANGES
  _______________
 
  OpenSSL CHANGES
  _______________
 

- Changes between 0.9.8 and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
+
+  *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
+     [Steve Henson]

 
   *) Remove the ancient ASN1_METHOD code. This was only ever used in one
      place for the (very old) "NETSCAPE" format certificates which are now
      handled using new ASN1 code equivalents.
 
   *) Remove the ancient ASN1_METHOD code. This was only ever used in one
      place for the (very old) "NETSCAPE" format certificates which are now
      handled using new ASN1 code equivalents.

+     [Steve Henson]

 
   *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
      pointer and make the SSL_METHOD parameter in SSL_CTX_new,
 
   *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
      pointer and make the SSL_METHOD parameter in SSL_CTX_new,


@@ -23,6 +27,12 @@
 
  Changes between 0.9.8 and 0.9.8a  [XX xxx XXXX]
 
 
  Changes between 0.9.8 and 0.9.8a  [XX xxx XXXX]
 

+  *) Avoid small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+

   *) Extended Windows CE support.
      [Satoshi Nakamura and Andy Polyakov]
  
   *) Extended Windows CE support.
      [Satoshi Nakamura and Andy Polyakov]