===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/67.html,v
retrieving revision 1.33
retrieving revision 1.34
diff -c -r1.33 -r1.34
*** www/67.html 2020/05/07 03:39:46 1.33
--- www/67.html 2020/05/07 04:33:10 1.34
***************
*** 1133,1217 ****
LibreSSL 3.1.1
! - Completed initial TLS 1.3 implementation with a completely new state
machine and record layer. TLS 1.3 is now enabled by default for the
client side, with the server side to be enabled in a future release.
Note that the OpenSSL TLS 1.3 API is not yet visible/available.
!
!
- Many more code cleanups, fixes, and improvements to memory handling
! and protocol parsing.
!
!
- Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
!
!
- Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
1.1.1 and enabled by default.
!
!
- Improved compatibility by backporting functionality and documentation
! from OpenSSL 1.1.1.
!
!
- Added many new additional crypto test vectors.
!
!
- Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
!
!
- Default CA bundle location is now configurable in portable builds.
!
!
- Added cms subcommand to openssl(1).
!
!
- Added -addext option to openssl(1) req subcommand.
!
!
- Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to
! include TLSv1.3 cipher suites even if cipher string does not
! indicate it.
!
!
- Improved to handle TLSv1.3 HelloRetryRequest.
!
!
- Provided TLSv1.3 cipher suite aliases to match the names used
! in RFC 8446.
!
!
- Improved to allow using any of the groups in our NID list to
! generate a client key share.
!
!
- Fixed printing the serialNumber with X509_print_ex() fall back to
! the colon separated hex bytes in case greater than int value.
!
!
- Fixed to disallow setting the AES-GCM IV length to zero.
!
!
- Added -groups option to openssl(1) s_server subcommand.
!
!
- Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug.
!
!
- Improved portable builds to support for use of static MSVC runtimes.
!
- Fixed portable builds to avoid exporting a sleep() symbol.
!
!
- API and Documentation Enhancements
!
- Compatibility Changes
- Testing and Proactive Security
- Internal Improvements
- Portable Improvements
- Bug Fixes
--- 1133,1192 ----
LibreSSL 3.1.1
+
+ - API and Documentation Enhancements
! - Completed initial TLS 1.3 implementation with a completely new state
machine and record layer. TLS 1.3 is now enabled by default for the
client side, with the server side to be enabled in a future release.
Note that the OpenSSL TLS 1.3 API is not yet visible/available.
!
- Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to
! include TLSv1.3 cipher suites even if cipher string does not
! indicate it.
!
- Improved to handle TLSv1.3 HelloRetryRequest.
!
- Provided TLSv1.3 cipher suite aliases to match the names used
! in RFC 8446.
!
- Improved to allow using any of the groups in our NID list to
! generate a client key share.
!
- Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
!
- Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
1.1.1 and enabled by default.
!
- Added cms subcommand to openssl(1).
!
- Added -addext option to openssl(1) req subcommand.
!
- Added -groups option to openssl(1) s_server subcommand.
!
- Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug.
- Compatibility Changes
! - Improved compatibility by backporting functionality and documentation
! from OpenSSL 1.1.1.
!
- Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
- Testing and Proactive Security
! - Added many new additional crypto test vectors.
!
- Fixed to disallow setting the AES-GCM IV length to zero.
- Internal Improvements
! - Many more code cleanups, fixes, and improvements to memory handling
! and protocol parsing.
- Portable Improvements
! - Default CA bundle location is now configurable in portable builds.
!
- Improved portable builds to support for use of static MSVC runtimes.
!
- Fixed portable builds to avoid exporting a sleep() symbol.
- Bug Fixes
! - Fixed printing the serialNumber with X509_print_ex() fall back to
! the colon separated hex bytes in case greater than int value.