version 1.38, 2014/10/04 20:58:00 |
version 1.39, 2014/10/05 17:58:49 |
|
|
|
|
<li>LibreSSL |
<li>LibreSSL |
<ul> |
<ul> |
<li>... |
<li>No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, |
|
as well as antique compilers. |
|
<li>Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, |
|
CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is |
|
irrelevant, or because they require external non-free libraries to work. |
|
<li>No support for FIPS-140 compliance. |
|
<li>No EBCDIC support. |
|
<li>Use standard routines from the C library (malloc, strdup, snprintf...) |
|
instead of rolling our own, sometimes badly. |
|
<li>Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for |
|
all the entropy needs. |
|
<li>Remove the MD2 and SEED algorithms. |
|
<li>Remove J-PAKE, PSK and SRP (mis)features. |
|
<li>Aggressive cleaning of BN memory when no longer used. |
|
<li>No support for Kerberos. |
|
<li>No support for SSLv2. |
|
<li>No support for the questionable DTLS heartbeat extension. |
|
<li>No support for TLS compression. |
|
<li>No support for US-Export SSL ciphers. |
|
<li>Do not use the current time as a random seed in libssl. |
|
<li>Support for ChaCha and Poly1305 algorithm. |
|
<li>Support for Brainpool and ANSSI elliptic curves. |
|
<li>Support for AES-GCM and ChaCha20-Poly1305 AEAD modes. |
</ul> |
</ul> |
<p> |
<p> |
|
|