X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=f23f99266c8f1fa42b64555887dc1aa618a59f72;hp=a5217e48ba0f741211f437d58761ca3ba7a3816c;hb=748f254657ab900c0de5e9e1843150c2df4c4bea;hpb=1316ca80f4e1dc9339572c780d495f995fe0bad0 diff --git a/CHANGES b/CHANGES index a5217e48ba..f23f99266c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,14 +4,39 @@ Changes between 1.0.2g and 1.1.0 [xx XXX xxxx] + *) Add support for HKDF. + [Alessandro Ghedini] + + *) Add support for blake2b and blake2s + [Bill Cox] + + *) Added support for "pipelining". Ciphers that have the + EVP_CIPH_FLAG_PIPELINE flag set have a capability to process multiple + encryptions/decryptions simultaneously. There are currently no built-in + ciphers with this property but the expectation is that engines will be able + to offer it to significantly improve throughput. Support has been extended + into libssl so that multiple records for a single connection can be + processed in one go (for >=TLS 1.1). + [Matt Caswell] + + *) Added the AFALG engine. This is an async capable engine which is able to + offload work to the Linux kernel. In this initial version it only supports + AES128-CBC. The kernel must be version 4.1.0 or greater. + [Catriona Lucey] + + *) OpenSSL now uses a new threading API. It is no longer necessary to + set locking callbacks to use OpenSSL in a multi-threaded environment. There + are two supported threading models: pthreads and windows threads. It is + also possible to configure OpenSSL at compile time for "no-threads". The + old threading API should no longer be used. The functions have been + replaced with "no-op" compatibility macros. + [Alessandro Ghedini, Matt Caswell] + *) Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. [Todd Short] *) Add SSL_CIPHER queries for authentication and key-exchange. - - *) Modify behavior of ALPN to invoke callback after SNI/servername - callback, such that updates to the SSL_CTX affect ALPN. [Todd Short] *) Changes to the DEFAULT cipherlist: