This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [under development]
+ Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [in pre-release]
+ o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
o Support for extended master secret
o CCM ciphersuites
o Reworked test suite, now based on perl, Test::Harness and Test::More
- o EVP_MD, EVP_MD_CTX and HMAC_CTX made opaque
+ o Varous libcrypto structures made opaque including: BIGNUM, EVP_MD,
+ EVP_MD_CTX, HMAC_CTX, EVP_CIPHER and EVP_CIPHER_CTX.
o libssl internal structures made opaque
o SSLv2 support removed
o Kerberos ciphersuite support removed
o RC4 removed from DEFAULT ciphersuites in libssl
o 40 and 56 bit cipher support removed from libssl
o All public header files moved to include/openssl, no more symlinking
- o SSL/TLS state machine and record layer rewritten
+ o SSL/TLS state machine, version negotiation and record layer rewritten
o EC revision: now operations use new EC_KEY_METHOD.
+ o Support for OCB mode added to libcrypto
+ o Support for asynchronous crypto operations added to libcrypto and libssl
+ o Deprecated interfaces can now be disabled at build time either
+ relative to the latest relate via the "no-deprecated" Configure
+ argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
+ o Application software can be compiled with -DOPENSSL_API_COMPAT=version
+ to ensure that features deprecated before that version are not exposed.
+ o Support for RFC6698/RFC7671 DANE TLSA peer authentication
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]