===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/58.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -c -r1.13 -r1.14
*** www/58.html 2015/08/06 09:38:26 1.13
--- www/58.html 2015/08/06 10:41:35 1.14
***************
*** 154,164 ****
- User-visible features:
- Code improvements:
--- 154,196 ----
- User-visible features:
! - Switched openssl dhparam default from 512 to 2048 bits.
!
- More CRYPTO ByteString (CBS) packet parsing conversions.
!
- Fixed openssl pkeyutl -verify to exit with a 0 on success.
!
- Fixed dozens of Coverity issues including dead code, memory leaks,
! logic errors and more.
!
- Ensure that
! openssl(1)
! restores terminal echo state after reading a password.
!
- Incorporated fix for OpenSSL Issue #3683.
!
- Removed SSLv3 support from
! openssl(1).
!
- Modified tls_write in libtls to allow partial
! writes, clarified with examples in the documentation.
!
- Removed RSAX engine.
!
- Added TLS_method, TLS_client_method and
! TLS_server_method as a replacement for the
! SSLv23_*method calls.
!
- Default cert.pem, openssl.cnf, and
! x509v3.cnf files are now installed under
! $sysconfdir/ssl or the directory specified by
! --with-openssldir. Previous versions of LibreSSL left
! these empty.
- Code improvements:
! - Reworked
! openssl(1)
! option handling.
!
- LibreSSL version define LIBRESSL_VERSION_NUMBER will now
! be bumped for each portable release.
!
- Removed workarounds for TLS client padding bugs.
!
- Removed IE 6 SSLv3 workarounds.
!
- Tested SSLv3 removal with the OpenBSD ports tree and found several
! applications that were not ready to build without SSLv3 yet.
! For now, building a program that intentionally uses SSLv3 will
! result in a linker warning.
!
- --with-enginesdir is removed as a configuration parameter.