version 1.48, 2014/10/21 19:42:58 |
version 1.49, 2014/10/23 18:44:20 |
|
|
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<li>LibreSSL |
|
<ul> |
|
<li>This release forks OpenSSL into LibreSSL, a version of the TLS/crypto |
|
stack with goals of modernizing the codebase, improving security, and |
|
applying best practice development processes. |
|
<li>No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, |
|
as well as antique compilers. |
|
<li>Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, |
|
CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is |
|
irrelevant, or because they require external non-free libraries to work. |
|
<li>No support for FIPS-140 compliance. |
|
<li>No EBCDIC support. |
|
<li>Use standard routines from the C library (malloc, strdup, snprintf...) |
|
instead of rolling our own, sometimes badly. |
|
<li>Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for |
|
all the entropy needs. |
|
<li>Remove the MD2 and SEED algorithms. |
|
<li>Remove J-PAKE, PSK and SRP (mis)features. |
|
<li>Aggressive cleaning of BN memory when no longer used. |
|
<li>No support for Kerberos. |
|
<li>No support for SSLv2. |
|
<li>No support for the questionable DTLS heartbeat extension. |
|
<li>No support for TLS compression. |
|
<li>No support for US-Export SSL ciphers. |
|
<li>Do not use the current time as a random seed in libssl. |
|
<li>Support for ChaCha and Poly1305 algorithm. |
|
<li>Support for Brainpool and ANSSI elliptic curves. |
|
<li>Support for AES-GCM and ChaCha20-Poly1305 AEAD modes. |
|
</ul> |
|
<p> |
|
|
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>SCSI Multipathing support via <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/mpath.4">mpath(4)</a> and associated path drivers on several architectures. |
<li>SCSI Multipathing support via <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/mpath.4">mpath(4)</a> and associated path drivers on several architectures. |
|
|
<li>Apache has been removed. |
<li>Apache has been removed. |
<li>Read support for ext4 filesystems. |
<li>Read support for ext4 filesystems. |
<li>Reworked mplocks as ticket locks instead of spinlocks on amd64, i386, and sparc64. This provides fairer access to the kernel lock between logical CPUs, especially in multi socket systems. |
<li>Reworked mplocks as ticket locks instead of spinlocks on amd64, i386, and sparc64. This provides fairer access to the kernel lock between logical CPUs, especially in multi socket systems. |
</ul> |
|
<p> |
|
|
|
<li>LibreSSL |
|
<ul> |
|
<li>No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, |
|
as well as antique compilers. |
|
<li>Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, |
|
CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is |
|
irrelevant, or because they require external non-free libraries to work. |
|
<li>No support for FIPS-140 compliance. |
|
<li>No EBCDIC support. |
|
<li>Use standard routines from the C library (malloc, strdup, snprintf...) |
|
instead of rolling our own, sometimes badly. |
|
<li>Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for |
|
all the entropy needs. |
|
<li>Remove the MD2 and SEED algorithms. |
|
<li>Remove J-PAKE, PSK and SRP (mis)features. |
|
<li>Aggressive cleaning of BN memory when no longer used. |
|
<li>No support for Kerberos. |
|
<li>No support for SSLv2. |
|
<li>No support for the questionable DTLS heartbeat extension. |
|
<li>No support for TLS compression. |
|
<li>No support for US-Export SSL ciphers. |
|
<li>Do not use the current time as a random seed in libssl. |
|
<li>Support for ChaCha and Poly1305 algorithm. |
|
<li>Support for Brainpool and ANSSI elliptic curves. |
|
<li>Support for AES-GCM and ChaCha20-Poly1305 AEAD modes. |
|
</ul> |
</ul> |
<p> |
<p> |
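Review bot: the item "This release forks OpenSSL into LibreSSL, a version of the TLS/crypto stack ..." is present only in the copy of the LibreSSL list that sits before "Improved hardware support"; the copy after "Read support for ext4 filesystems" and the mplocks item starts directly at "No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms". If this revision only relocates the LibreSSL block, carry that introductory item along, since it is the one line that tells readers what LibreSSL is and why the removals that follow (SSLv2, export ciphers, TLS compression, the old PRNG) were made. Also check the list nesting at the destination: the relocated block closes its own inner list and is followed by a second closing ul tag, so confirm that the "LibreSSL" item is a sibling of "Improved hardware support" and not nested inside its sub-list.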
|
|