===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/58.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- www/58.html 2015/08/06 09:38:26 1.13
+++ www/58.html 2015/08/06 10:41:35 1.14
@@ -154,11 +154,43 @@
- User-visible features:
- - ...
+
- Switched openssl dhparam default from 512 to 2048 bits.
+
- More CRYPTO ByteString (CBS) packet parsing conversions.
+
- Fixed openssl pkeyutl -verify to exit with a 0 on success.
+
- Fixed dozens of Coverity issues including dead code, memory leaks,
+ logic errors and more.
+
- Ensure that
+ openssl(1)
+ restores terminal echo state after reading a password.
+
- Incorporated fix for OpenSSL Issue #3683.
+
- Removed SSLv3 support from
+ openssl(1).
+
- Modified tls_write in libtls to allow partial
+ writes, clarified with examples in the documentation.
+
- Removed RSAX engine.
+
- Added TLS_method, TLS_client_method and
+ TLS_server_method as a replacement for the
+ SSLv23_*method calls.
+
- Default cert.pem, openssl.cnf, and
+ x509v3.cnf files are now installed under
+ $sysconfdir/ssl or the directory specified by
+ --with-openssldir. Previous versions of LibreSSL left
+ these empty.
- Code improvements:
- - ...
+
- Reworked
+ openssl(1)
+ option handling.
+
- LibreSSL version define LIBRESSL_VERSION_NUMBER will now
+ be bumped for each portable release.
+
- Removed workarounds for TLS client padding bugs.
+
- Removed IE 6 SSLv3 workarounds.
+
- Tested SSLv3 removal with the OpenBSD ports tree and found several
+ applications that were not ready to build without SSLv3 yet.
+ For now, building a program that intentionally uses SSLv3 will
+ result in a linker warning.
+
- --with-enginesdir is removed as a configuration parameter.