version 1.13, 2015/08/06 09:38:26 |
version 1.14, 2015/08/06 10:41:35 |
|
|
<ul> |
<ul> |
<li>User-visible features: |
<li>User-visible features: |
<ul> |
<ul> |
<li>... |
<li>Switched <tt>openssl dhparam</tt> default from 512 to 2048 bits. |
|
<li>More <i>CRYPTO ByteString</i> (CBS) packet parsing conversions. |
|
<li>Fixed <tt>openssl pkeyutl -verify</tt> to exit with a 0 on success. |
|
<li>Fixed dozens of Coverity issues including dead code, memory leaks, |
|
logic errors and more. |
|
<li>Ensure that |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a> |
|
restores terminal echo state after reading a password. |
|
<li>Incorporated fix for OpenSSL Issue #3683. |
|
<li>Removed SSLv3 support from |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>. |
|
<li>Modified <tt>tls_write</tt> in <tt>libtls</tt> to allow partial |
|
writes, clarified with examples in the documentation. |
|
<li>Removed RSAX engine. |
|
<li>Added <tt>TLS_method</tt>, <tt>TLS_client_method</tt> and |
|
<tt>TLS_server_method</tt> as a replacement for the |
|
<tt>SSLv23_*method</tt> calls. |
|
<li>Default <tt>cert.pem</tt>, <tt>openssl.cnf</tt>, and |
|
<tt>x509v3.cnf</tt> files are now installed under |
|
<tt>$sysconfdir/ssl</tt> or the directory specified by |
|
<tt>--with-openssldir</tt>. Previous versions of LibreSSL left |
|
these empty. |
</ul> |
</ul> |
<li>Code improvements: |
<li>Code improvements: |
<ul> |
<ul> |
<li>... |
<li>Reworked |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a> |
|
option handling. |
|
<li>LibreSSL version define <tt>LIBRESSL_VERSION_NUMBER</tt> will now |
|
be bumped for each portable release. |
|
<li>Removed workarounds for TLS client padding bugs. |
|
<li>Removed IE 6 SSLv3 workarounds. |
|
<li>Tested SSLv3 removal with the OpenBSD ports tree and found several |
|
applications that were not ready to build without SSLv3 yet. |
|
For now, building a program that intentionally uses SSLv3 will |
|
result in a linker warning. |
|
<li><tt>--with-enginesdir</tt> is removed as a configuration parameter. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |