version 1.42, 2020/05/07 16:03:54 |
version 1.43, 2020/05/07 16:48:16 |
|
|
|
|
<li>LibreSSL 3.1.1 |
<li>LibreSSL 3.1.1 |
<ul> |
<ul> |
<li>API and Documentation Enhancements |
<li>New Features |
<ul> |
<ul> |
<li>Completed initial TLS 1.3 implementation with a completely new state |
<li>Completed initial TLS 1.3 implementation with a completely new state |
machine and record layer. TLS 1.3 is now enabled by default for the |
machine and record layer. TLS 1.3 is now enabled by default for the |
client side, with the server side to be enabled in a future release. |
client side, with the server side to be enabled in a future release. |
Note that the OpenSSL TLS 1.3 API is not yet visible/available. |
Note that the OpenSSL TLS 1.3 API is not yet visible/available. |
<li>Improved SSL_CTX_set_cipher_list(3) and SSL_set_cipher_list(3) to |
<li>Improved cipher suite handling to automatically include TLSv1.3 |
include TLSv1.3 cipher suites even if cipher string does not |
cipher suites when they are not explicitly referred to in the |
indicate it. |
cipher string. |
<li>Improved to handle TLSv1.3 HelloRetryRequest. |
|
<li>Provided TLSv1.3 cipher suite aliases to match the names used |
<li>Provided TLSv1.3 cipher suite aliases to match the names used |
in RFC 8446. |
in RFC 8446. |
<li>Improved to allow using any of the groups in our NID list to |
|
generate a client key share. |
|
<li>Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1. |
|
<li>Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL |
|
1.1.1 and enabled by default. |
|
<li>Added cms subcommand to openssl(1). |
<li>Added cms subcommand to openssl(1). |
<li>Added -addext option to openssl(1) req subcommand. |
<li>Added -addext option to openssl(1) req subcommand. |
<li>Added -groups option to openssl(1) s_server subcommand. |
<li>Added -groups option to openssl(1) s_server subcommand. |
<li>Fixed to show TLSv1.3 extension type with openssl(1) -tlsextdebug. |
<li>Added TLSv1.3 extension types to openssl(1) -tlsextdebug. |
</ul> |
</ul> |
|
|
|
<li>API and Documentation Enhancements |
|
<ul> |
|
<li>Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1. |
|
<li>Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL |
|
1.1.1 and enabled by default. |
|
</ul> |
|
|
<li>Compatibility Changes |
<li>Compatibility Changes |
<ul> |
<ul> |
<li>Improved compatibility by backporting functionality and documentation |
<li>Improved compatibility by backporting functionality and documentation |
|
|
<li>Testing and Proactive Security |
<li>Testing and Proactive Security |
<ul> |
<ul> |
<li>Added many new additional crypto test vectors. |
<li>Added many new additional crypto test vectors. |
<li>Fixed to disallow setting the AES-GCM IV length to zero. |
<li>Fix to disallow setting the AES-GCM IV length to zero. |
</ul> |
</ul> |
|
|
<li>Internal Improvements |
<li>Internal Improvements |