o New library section OCSP.
o Complete haul-over of the ASN.1 library section.
+ o Support for external crypto devices ('engine') is no longer
+ a separate distribution.
+
+ Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+
+ o Security fix: PRNG improvements.
+ o Security fix: RSA OAEP check.
+ o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+ attack.
+ o MIPS bug fix in BIGNUM.
+ o Bug fix in "openssl enc".
+ o Bug fix in X.509 printing routine.
+ o Bug fix in DSA verification routine and DSA S/MIME verification.
+ o Bug fix to make PRNG thread-safe.
+ o Bug fix in RAND_file_name().
+ o Bug fix in compatibility mode trust settings.
+ o Bug fix in blowfish EVP.
+ o Increase default size for BIO buffering filter.
+ o Compatibility fixes in some scripts.
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
o Security fix: prevent Bleichenbacher's DSA attack.
o Security fix: Zero the premaster secret after deriving the
master secret in DH ciphersuites.
+ o Reimplement SSL_peek(), which had various problems.
+ o Compatibility fix: the function des_encrypt() renamed to
+ des_encrypt1() to avoid clashes with some Unixen libc.
o Bug fixes for Win32, HP/UX and Irix.
o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
memory checking routines.
o Add tighter checks of BIGNUM routines.
o Shared library support has been reworked for generality.
o More documentation.
- o New function BN_rand_range()
+ o New function BN_rand_range().
o Add "-rand" option to openssl s_client and s_server.
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
o New 'rsautl' application, low level RSA utility.
o MD4 now included.
o Bugfix for SSL rollback padding check.
- o Support for external crypto devices.
+ o Support for external crypto devices [1].
o Enhanced EVP interface.
+ [1] The support for external crypto devices is currently a separate
+ distribution. See the file README.ENGINE.
+
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8