version 1.33, 2020/05/07 03:39:46 |
version 1.34, 2020/05/07 04:33:10 |
|
|
</ul> |
</ul> |
|
|
<li>LibreSSL 3.1.1 |
<li>LibreSSL 3.1.1 |
|
<ul> |
|
<li>API and Documentation Enhancements |
<ul> |
<ul> |
<li> Completed initial TLS 1.3 implementation with a completely new state |
<li>Completed initial TLS 1.3 implementation with a completely new state |
machine and record layer. TLS 1.3 is now enabled by default for the |
machine and record layer. TLS 1.3 is now enabled by default for the |
client side, with the server side to be enabled in a future release. |
client side, with the server side to be enabled in a future release. |
Note that the OpenSSL TLS 1.3 API is not yet visible/available. |
Note that the OpenSSL TLS 1.3 API is not yet visible/available. |
|
<li>Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to |
<li> Many more code cleanups, fixes, and improvements to memory handling |
include TLSv1.3 cipher suites even if cipher string does not |
and protocol parsing. |
indicate it. |
|
<li>Improved to handle TLSv1.3 HelloRetryRequest. |
<li> Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1. |
<li>Provided TLSv1.3 cipher suite aliases to match the names used |
|
in RFC 8446. |
<li> Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL |
<li>Improved to allow using any of the groups in our NID list to |
|
generate a client key share. |
|
<li>Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1. |
|
<li>Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL |
1.1.1 and enabled by default. |
1.1.1 and enabled by default. |
|
<li>Added cms subcommand to openssl(1). |
<li> Improved compatibility by backporting functionality and documentation |
<li>Added -addext option to openssl(1) req subcommand. |
from OpenSSL 1.1.1. |
<li>Added -groups option to openssl(1) s_server subcommand. |
|
<li>Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug. |
<li> Added many new additional crypto test vectors. |
|
|
|
<li> Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics. |
|
|
|
<li> Default CA bundle location is now configurable in portable builds. |
|
|
|
<li> Added cms subcommand to openssl(1). |
|
|
|
<li> Added -addext option to openssl(1) req subcommand. |
|
|
|
<li> Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to |
|
include TLSv1.3 cipher suites even if cipher string does not |
|
indicate it. |
|
|
|
<li> Improved to handle TLSv1.3 HelloRetryRequest. |
|
|
|
<li> Provided TLSv1.3 cipher suite aliases to match the names used |
|
in RFC 8446. |
|
|
|
<li> Improved to allow using any of the groups in our NID list to |
|
generate a client key share. |
|
|
|
<li> Fixed printing the serialNumber with X509_print_ex() fall back to |
|
the colon separated hex bytes in case greater than int value. |
|
|
|
<li> Fixed to disallow setting the AES-GCM IV length to zero. |
|
|
|
<li> Added -groups option to openssl(1) s_server subcommand. |
|
|
|
<li> Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug. |
|
|
|
<li> Improved portable builds to support for use of static MSVC runtimes. |
|
<li> Fixed portable builds to avoid exporting a sleep() symbol. |
|
|
|
<li>API and Documentation Enhancements |
|
<ul> |
|
<li>... |
|
</ul> |
</ul> |
|
|
<li>Compatibility Changes |
<li>Compatibility Changes |
<ul> |
<ul> |
<li>... |
<li>Improved compatibility by backporting functionality and documentation |
|
from OpenSSL 1.1.1. |
|
<li>Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics. |
</ul> |
</ul> |
|
|
<li>Testing and Proactive Security |
<li>Testing and Proactive Security |
<ul> |
<ul> |
<li>... |
<li>Added many new additional crypto test vectors. |
|
<li>Fixed to disallow setting the AES-GCM IV length to zero. |
</ul> |
</ul> |
|
|
<li>Internal Improvements |
<li>Internal Improvements |
<ul> |
<ul> |
<li>... |
<li>Many more code cleanups, fixes, and improvements to memory handling |
|
and protocol parsing. |
</ul> |
</ul> |
|
|
<li>Portable Improvements |
<li>Portable Improvements |
<ul> |
<ul> |
<li>... |
<li>Default CA bundle location is now configurable in portable builds. |
|
<li>Improved portable builds to support for use of static MSVC runtimes. |
|
<li>Fixed portable builds to avoid exporting a sleep() symbol. |
</ul> |
</ul> |
|
|
<li>Bug Fixes |
<li>Bug Fixes |
<ul> |
<ul> |
<li>... |
<li>Fixed printing the serialNumber with X509_print_ex() fall back to |
|
the colon separated hex bytes in case greater than int value. |
</ul> |
</ul> |
</ul> |
</ul> |
|
|