This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development]
+ Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [under development]
o
+ Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
+
+ o Fixed a problem with verifying a certificate chain when using the
+ X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
+ o Fixed an issue where an OpenSSL TLS server may crash if sent a
+ maliciously crafted renegotiation ClientHello message from a client
+ (CVE-2021-3449)
+
+ Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+ o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+ function (CVE-2021-23841)
+ o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks
+ o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+ EVP_DecryptUpdate functions (CVE-2021-23840)
+ o Fixed SRP_Calc_client_key so that it runs in constant time
+
+ Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+
+ o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
+
+ Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
+
+ o Disallow explicit curve parameters in verifications chains when
+ X509_V_FLAG_X509_STRICT is used
+ o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+ contexts
+ o Oracle Developer Studio will start reporting deprecation warnings
+
+ Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+
+ o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
+
+ Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+ o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
+ Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
+
+ o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+ used in exponentiation with 512-bit moduli (CVE-2019-1551)
+ o Properly detect unexpected EOF while reading in libssl and report
+ it via SSL_ERROR_SSL
+
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
o Fixed a fork protection issue (CVE-2019-1549)