This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]
-
- o Support for TLSv1.3 added
+ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
+
+ o X509 certificates signed using SHA1 are no longer allowed at security
+ level 1 or higher. The default security level for TLS is 1, so
+ certificates signed using SHA1 are by default no longer trusted to
+ authenticate servers or clients.
+ o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
+ disabled; the project uses address sanitize/leak-detect instead.
+ o Added OSSL_SERIALIZER, a generic serializer API.
+ o Added error raising macros, ERR_raise() and ERR_raise_data().
+ o Deprecated ERR_put_error().
+ o Added OSSL_PROVIDER_available(), to check provider availibility.
+ o Added 'openssl mac' that uses the EVP_MAC API.
+ o Added 'openssl kdf' that uses the EVP_KDF API.
+ o Add OPENSSL_info() and 'openssl info' to get built-in data.
+ o Add support for enabling instrumentation through trace and debug
+ output.
+ o Changed our version number scheme and set the next major release to
+ 3.0.0
+ o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
+ bridge.
+ o Removed the heartbeat message in DTLS feature.
+ o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
+ bridge.
+ o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
+ SHA256, SHA384, SHA512 and Whirlpool digest functions have been
+ deprecated.
+ o All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
+ RC4, RC5 and SEED cipher functions have been deprecated.
+
+ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
+ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
+
+ o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
+ for further important information). The TLSv1.3 implementation includes:
+ o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+ o Early data (0-RTT)
+ o Post-handshake authentication and key update
+ o Middlebox Compatibility Mode
+ o TLSv1.3 PSKs
+ o Support for all five RFC8446 ciphersuites
+ o RSA-PSS signature algorithms (backported to TLSv1.2)
+ o Configurable session ticket support
+ o Stateless server support
+ o Rewrite of the packet construction code for "safer" packet handling
+ o Rewrite of the extension handling code
o Complete rewrite of the OpenSSL random number generator to introduce the
following capabilities
o The default RAND method now utilizes an AES-CTR DRBG according to
o Support for various new cryptographic algorithms including:
o SHA3
o SHA512/224 and SHA512/256
- o EdDSA (including Ed25519 and Ed448)
+ o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
o X448 (adding to the existing X25519 support in 1.1.0)
o Multi-prime RSA
o SM2
o SipHash
o ARIA (including TLS support)
o Significant Side-Channel attack security improvements
+ o Add a new ClientHello callback to provide the ability to adjust the SSL
+ object at an early stage.
o Add 'Maximum Fragment Length' TLS extension negotiation and support
o A new STORE module, which implements a uniform and URI based reader of
stores that can contain keys, certificates, CRLs and numerous other
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
- o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+ o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
projects / openssl.git / blobdiff