===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/57.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -c -r1.72 -r1.73
*** www/57.html 2015/03/17 22:57:32 1.72
--- www/57.html 2015/03/18 15:23:30 1.73
***************
*** 457,468 ****
LibreSSL
! - Fix a Bleichenbacher style timing oracle with bad PKCS padding.
!
- Reluctantly add server-side support for TLS_FALLBACK_SCSV.
!
- Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.
!
- Jettison DTLS over SCTP.
!
- Fix memory leaks.
!
- Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl
mandoc 1.13.3:
--- 457,513 ----
LibreSSL
! - User-visible features:
!
! - Reluctantly add server-side support for TLS_FALLBACK_SCSV.
!
- Import BoringSSL's crypto bytestring and crypto bytebuilder
! APIs.
!
- Jettison DTLS over SCTP.
!
- Move
! openssl(1)
! from /usr/sbin/openssl to /usr/bin/openssl.
!
- Two important cipher suites, GOST and Camellia, have been reworked
! or reenabled, providing better interoperability with systems around
! the world.
!
- libtls: New API for loading CA chains directly from memory instead
! of a file, allowing verification with privilege separation in a
! chroot(8)
! without direct access to CA certificate files.
!
- libtls: Ciphers default to TLSv1.2 with AEAD and PFS.
!
- libtls: Improved error handling and message generation.
!
- Added X509_STORE_load_mem API for loading certificates from
! memory. This facilitates accessing certificates from a chrooted
! environment.
!
- New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
! using 'TLSv1.2+AEAD' as the cipher selection string.
!
- New
! openssl(1)
! command 'certhash' replaces the c_rehash script.
!
- Application-Layer Protocol Negotiation (ALPN) support.
!
! - Code improvements:
!
! - Dead and disabled code removal including MD5, Netscape workarounds,
! non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more.
!
- The ASN1 macros are expanded to aid readability and maintainability.
!
- Various NULL pointer asserts removed in favor of letting the
! OS/signal handler catch them.
!
- Dozens of issues found with the Coverity scanner fixed.
!
! - Security updates:
!
! - Fix a Bleichenbacher style timing oracle with bad PKCS padding.
!
- Fix memory leaks.
!
- Address POODLE attack by disabling SSLv3 by default.
!
- SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
!
- Earlier libtls support for non-blocking sockets and randomized
! session ID contexts.
!
- Ensure the stack is marked non-executable for assembly sections.
!
- Multiple CVEs fixed including CVE-2014-3506, CVE-2014-3507,
! CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511,
! CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205
! and CVE-2015-0206.
!
mandoc 1.13.3: