===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/67.html,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- www/67.html 2020/05/07 03:39:46 1.33
+++ www/67.html 2020/05/07 04:33:10 1.34
@@ -1133,85 +1133,60 @@
LibreSSL 3.1.1
+
+ - API and Documentation Enhancements
- - Completed initial TLS 1.3 implementation with a completely new state
+
- Completed initial TLS 1.3 implementation with a completely new state
machine and record layer. TLS 1.3 is now enabled by default for the
client side, with the server side to be enabled in a future release.
Note that the OpenSSL TLS 1.3 API is not yet visible/available.
-
-
- Many more code cleanups, fixes, and improvements to memory handling
- and protocol parsing.
-
-
- Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
-
-
- Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
+
- Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to
+ include TLSv1.3 cipher suites even if cipher string does not
+ indicate it.
+
- Improved to handle TLSv1.3 HelloRetryRequest.
+
- Provided TLSv1.3 cipher suite aliases to match the names used
+ in RFC 8446.
+
- Improved to allow using any of the groups in our NID list to
+ generate a client key share.
+
- Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
+
- Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
1.1.1 and enabled by default.
-
-
- Improved compatibility by backporting functionality and documentation
- from OpenSSL 1.1.1.
-
-
- Added many new additional crypto test vectors.
-
-
- Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
-
-
- Default CA bundle location is now configurable in portable builds.
-
-
- Added cms subcommand to openssl(1).
-
-
- Added -addext option to openssl(1) req subcommand.
-
-
- Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to
- include TLSv1.3 cipher suites even if cipher string does not
- indicate it.
-
-
- Improved to handle TLSv1.3 HelloRetryRequest.
-
-
- Provided TLSv1.3 cipher suite aliases to match the names used
- in RFC 8446.
-
-
- Improved to allow using any of the groups in our NID list to
- generate a client key share.
-
-
- Fixed printing the serialNumber with X509_print_ex() fall back to
- the colon separated hex bytes in case greater than int value.
-
-
- Fixed to disallow setting the AES-GCM IV length to zero.
-
-
- Added -groups option to openssl(1) s_server subcommand.
-
-
- Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug.
-
-
- Improved portable builds to support for use of static MSVC runtimes.
-
- Fixed portable builds to avoid exporting a sleep() symbol.
-
-
- API and Documentation Enhancements
-
- - ...
+
- Added cms subcommand to openssl(1).
+
- Added -addext option to openssl(1) req subcommand.
+
- Added -groups option to openssl(1) s_server subcommand.
+
- Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug.
- Compatibility Changes
- - ...
+
- Improved compatibility by backporting functionality and documentation
+ from OpenSSL 1.1.1.
+
- Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
- Testing and Proactive Security
- - ...
+
- Added many new additional crypto test vectors.
+
- Fixed to disallow setting the AES-GCM IV length to zero.
- Internal Improvements
- - ...
+
- Many more code cleanups, fixes, and improvements to memory handling
+ and protocol parsing.
- Portable Improvements
- - ...
+
- Default CA bundle location is now configurable in portable builds.
+
- Improved portable builds to support for use of static MSVC runtimes.
+
- Fixed portable builds to avoid exporting a sleep() symbol.
- Bug Fixes
- - ...
+
- Fixed printing the serialNumber with X509_print_ex() fall back to
+ the colon separated hex bytes in case greater than int value.