| version 1.59, 2017/10/06 16:05:50 |
version 1.60, 2017/10/06 17:10:49 |
|
|
| |
|
| <li>LibreSSL 2.6.3 |
<li>LibreSSL 2.6.3 |
| <ul> |
<ul> |
| |
<li>Added support for providing CRLs to libtls - once a CRL is provided via |
| |
<a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a> |
| |
or |
| |
<a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>, |
| |
CRL checking is enabled and required for the full certificate chain. |
| <li>Reworked TLS certificate name verification code to more strictly |
<li>Reworked TLS certificate name verification code to more strictly |
| follow RFC 6125. |
follow RFC 6125. |
| <li>Cleaned up and simplified server key exchange EC point handling. |
<li>Cleaned up and simplified server key exchange EC point handling. |
|
|
| <li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken |
<li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken |
| CryptoPro clients. |
CryptoPro clients. |
| <li>Removed support for the TLS padding extension, which was added as a |
<li>Removed support for the TLS padding extension, which was added as a |
| workaround for an old bug in F5's TLS termintation. |
workaround for an old bug in F5's TLS termination. |
| <li>Added ability to clamp notafter valies in certificates for systems |
<li>Added ability to clamp notafter valies in certificates for systems |
| with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5. |
with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5. |
| <li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites. |
<li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites. |
![[BACK]](/icons/back.gif){kind=icon}
Return to 62.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www