===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/62.html,v
retrieving revision 1.59
retrieving revision 1.60
diff -c -r1.59 -r1.60
*** www/62.html 2017/10/06 16:05:50 1.59
--- www/62.html 2017/10/06 17:10:49 1.60
***************
*** 556,561 ****
--- 556,566 ----
LibreSSL 2.6.3
+ - Added support for providing CRLs to libtls - once a CRL is provided via
+ tls_config_set_crl_file(3)
+ or
+ tls_config_set_crl_mem(3),
+ CRL checking is enabled and required for the full certificate chain.
- Reworked TLS certificate name verification code to more strictly
follow RFC 6125.
- Cleaned up and simplified server key exchange EC point handling.
***************
*** 611,617 ****
- Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
CryptoPro clients.
- Removed support for the TLS padding extension, which was added as a
! workaround for an old bug in F5's TLS termintation.
- Added ability to clamp notafter valies in certificates for systems
with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
- Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
--- 616,622 ----
- Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
CryptoPro clients.
- Removed support for the TLS padding extension, which was added as a
! workaround for an old bug in F5's TLS termination.
- Added ability to clamp notafter valies in certificates for systems
with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
- Removed the original (pre-IETF) chacha20-poly1305 cipher suites.