X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=README;h=b6dfda72bb7a3bd28e17a790bb8bf17eabf51665;hp=83636f5d62d44d4aff1fc20658caa9b066783abf;hb=eee8a40aa5e06841eed6fa8eb4f6109238d59aea;hpb=fc450b24b4e1d6e8602905290af5aa6de9f46b8c diff --git a/README b/README index 83636f5d62..b6dfda72bb 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.5a-beta1 20 Mar 2000 + OpenSSL 1.1.1-dev - Copyright (c) 1998-2000 The OpenSSL Project + Copyright (c) 1998-2016 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -10,168 +10,85 @@ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) - protocols as well as a full-strength general purpose cryptography library. - The project is managed by a worldwide community of volunteers that use the - Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + Transport Layer Security (TLS) protocols (including SSLv3) as well as a + full-strength general purpose cryptographic library. - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the - OpenSSL license plus the SSLeay license) situation, which basically means - that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. OVERVIEW -------- The OpenSSL toolkit includes: - libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server and client. - - libcrypto.a: - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not - actually logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which has been floating - around the net for a few years. It includes 15 - 'modes/variations' of DES (1, 2 and 3 key versions of ecb, - cbc, cfb and ofb; pcbc and a more general form of cfb and - ofb) including desx in cbc mode, a fast crypt(3), and - routines to read passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is popular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ascii-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. - - openssl: - A command line tool that can be used for: - Creation of RSA, DH and DSA key parameters - Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests - Handling of S/MIME signed or encrypted mail - - - PATENTS - ------- + libssl (with platform specific naming): + Provides the client and server-side implementations for SSLv3 and TLS. - Various companies hold various patents for various algorithms in various - locations around the world. _YOU_ are responsible for ensuring that your use - of any algorithms is legal by checking if there are any patents in your - country. The file contains some of the patents that we know about or are - rumoured to exist. This is not a definitive list. + libcrypto (with platform specific naming): + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. - RSA Data Security holds software patents on the RSA and RC5 algorithms. If - their ciphers are used used inside the USA (and Japan?), you must contact RSA - Data Security for licensing conditions. Their web page is - http://www.rsa.com/. - - RC4 is a trademark of RSA Data Security, so use of this label should perhaps - only be used with RSA Data Security's permission. - - The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, - Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should - be contacted if that algorithm is to be used, their web page is - http://www.ascom.ch/. + openssl: + A command line tool that can be used for: + Creation of key parameters + Creation of X.509 certificates, CSRs and CRLs + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests + Handling of S/MIME signed or encrypted mail + And more... INSTALLATION ------------ - To install this package under a Unix derivative, read the INSTALL file. For - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read - INSTALL.VMS. + See the appropriate file: + INSTALL Linux, Unix, Windows, OpenVMS, ... + NOTES.* INSTALL addendums for different platforms - For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s - public key library, RSAREF, by configuring OpenSSL with the option "rsaref". - - Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions, you will probably have to look at the code to work out - how to used them. Look at the example programs. - - SUPPORT + SUPPORT ------- + See the OpenSSL website www.openssl.org for details on how to obtain + commercial technical support. Free community support is available through the + openssl-users email list (see + https://www.openssl.org/community/mailinglists.html for further details). + If you have any problems with OpenSSL then please take the following steps first: - - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ + - Download the latest version from the repository to see if the problem has already been addressed - - Remove ASM versions of libraries - - Remove compiler optimisation flags - - If you wish to report a bug then please include the following information in - any bug report: - - - On Unix systems: - Self-test report generated by 'make report' - - On other systems: - OpenSSL version: output of 'openssl version -a' - OS Name, Version, Hardware platform - Compiler Details (name, version) + - Configure with no-asm + - Remove compiler optimization flags + + If you wish to report a bug then please include the following information + and create an issue on GitHub: + + - OpenSSL version: output of 'openssl version -a' + - Any "Configure" options that you selected during compilation of the + library if applicable (see INSTALL) + - OS Name, Version, Hardware platform + - Compiler Details (name, version) - Application Details (name, version) - Problem Description (steps that will reproduce the problem, if known) - Stack Traceback (if the application dumps core) - Report the bug to the OpenSSL project at: - - openssl-bugs@openssl.org - - Note that mail to openssl-bugs@openssl.org is forwarded to a public - mailing list. Confidential mail may be sent to openssl-security@openssl.org - (PGP key available from the key servers). + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. Use the openssl-users email list for this type + of query. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- - Development is coordinated on the openssl-dev mailing list (see - http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-dev@openssl.org with - the string "[PATCH]" in the subject. Please be sure to include a - textual explanation of what your patch does. + See CONTRIBUTING - The preferred format for changes is "diff -u" output. You might - generate it like this: + LEGALITIES + ---------- - # cd openssl-work - # [your changes] - # ./Configure dist; make clean - # cd .. - # diff -urN openssl-orig openssl-work > mydiffs.patch + A number of nations restrict the use or export of cryptography. If you + are potentially subject to such restrictions you should seek competent + professional legal advice before attempting to develop or distribute + cryptographic code.