X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=README;h=694411d034efd7e8e47ee4a0ae63554a5bbadbc9;hp=60df1b797604c3f3fe2a4250f74dbb533d2aee17;hb=de5b3a8645a3b2dd22fa8866e64488eb2b69777d;hpb=058bf5596b7b496e4632ee30fb03192806d8e81f diff --git a/README b/README index 60df1b7976..694411d034 100644 --- a/README +++ b/README @@ -1,122 +1,93 @@ - OpenSSL 0.9.2 31-Dec-1998 + OpenSSL 1.1.1-pre5-dev - Copyright (c) 1998 The OpenSSL Project + Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. - .... + DESCRIPTION + ----------- The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Transport Layer Security (TLS v1) and Secure Sockets Layer (SSL v2/v3) - protocols with full-strength cryptography world-wide. The project is managed - by a worldwide community of volunteers that use the Internet to communicate, - plan, and develop the OpenSSL tookit and its related documentation. - - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young - and Tim J. Hudson. The OpenSSL toolkit is licensed under a BSD-style licence, - which basically means that you are free to get and use it for commercial and - non-commercial purposes. - - The package includes: - - libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server. - - libcrypto.a: - General encryption and X.509 stuff needed by TLS/SSL but not actually - logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which has been floating - around the net for a few years. It includes 15 - 'modes/variations' of DES (1, 2 and 3 key versions of ecb, - cbc, cfb and ofb; pcbc and a more general form of cfb and - ofb) including desx in cbc mode, a fast crypt(3), and - routines to read passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is polular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ascii-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. - - Programs in this package include: - - enc - a general encryption program that can encrypt/decrypt using - one of 17 different cipher/mode combinations. The - input/output can also be converted to/from base64 - ascii encoding. - dgst - a generate message digesting program that will generate - message digests for any of md2, md5, sha (sha-0 or sha-1) - or mdc2. - asn1parse - parse and display the structure of an asn1 encoded - binary file. - rsa - Manipulate RSA private keys. - dsa - Manipulate DSA private keys. - dh - Manipulate Diffie-Hellman parameter files. - dsaparam- Manipulate and generate DSA parameter files. - crl - Manipulate certificate revocation lists. - crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. - x509 - Manipulate x509 certificates, self-sign certificates. - req - Manipulate PKCS#10 certificate requests and also - generate certificate requests. - genrsa - Generates an arbitrary sized RSA private key. - gendsa - Generates DSA parameters. - gendh - Generates a set of Diffie-Hellman parameters, the prime - will be a strong prime. - ca - Create certificates from PKCS#10 certificate requests. - This program also maintains a database of certificates - issued. - verify - Check x509 certificate signatures. - speed - Benchmark OpenSSL's ciphers. - s_server- A test SSL server. - s_client- A test SSL client. - s_time - Benchmark SSL performance of SSL server programs. - errstr - Convert from OpenSSL hex error codes to a readable form. - nseq - Netscape certificate sequence utility - -To install this package, read the INSTALL file. -For the Microsoft world, read INSTALL.W32 file. - -For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s -public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to -build with RSAref. - -Read the documentation in the doc directory. It is quite rough, but it lists -the functions, you will probably have to look at the code to work out how to -used them. Look at the example programs. - + Transport Layer Security (TLS) protocols (including SSLv3) as well as a + full-strength general purpose cryptographic library. + + OpenSSL is descended from the SSLeay library developed by Eric A. Young + and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. + + OVERVIEW + -------- + + The OpenSSL toolkit includes: + + libssl (with platform specific naming): + Provides the client and server-side implementations for SSLv3 and TLS. + + libcrypto (with platform specific naming): + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. + + openssl: + A command line tool that can be used for: + Creation of key parameters + Creation of X.509 certificates, CSRs and CRLs + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests + Handling of S/MIME signed or encrypted mail + And more... + + INSTALLATION + ------------ + + See the appropriate file: + INSTALL Linux, Unix, Windows, OpenVMS, ... + NOTES.* INSTALL addendums for different platforms + + SUPPORT + ------- + + See the OpenSSL website www.openssl.org for details on how to obtain + commercial technical support. Free community support is available through the + openssl-users email list (see + https://www.openssl.org/community/mailinglists.html for further details). + + If you have any problems with OpenSSL then please take the following steps + first: + + - Download the latest version from the repository + to see if the problem has already been addressed + - Configure with no-asm + - Remove compiler optimization flags + + If you wish to report a bug then please include the following information + and create an issue on GitHub: + + - OpenSSL version: output of 'openssl version -a' + - Configuration data: output of 'perl configdata.pm --dump' + - OS Name, Version, Hardware platform + - Compiler Details (name, version) + - Application Details (name, version) + - Problem Description (steps that will reproduce the problem, if known) + - Stack Traceback (if the application dumps core) + + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. Use the openssl-users email list for this type + of query. + + HOW TO CONTRIBUTE TO OpenSSL + ---------------------------- + + See CONTRIBUTING + + LEGALITIES + ---------- + + A number of nations restrict the use or export of cryptography. If you + are potentially subject to such restrictions you should seek competent + professional legal advice before attempting to develop or distribute + cryptographic code.