version 1.55, 2020/10/08 15:17:46 |
version 1.56, 2020/10/08 15:22:38 |
|
|
<li>Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash. |
<li>Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash. |
<li>Improve TLSv1.3 client certificate selection to allow EC certificates instead of only RSA certificates. |
<li>Improve TLSv1.3 client certificate selection to allow EC certificates instead of only RSA certificates. |
<li>Add minimal info callback support for TLSv1.3. |
<li>Add minimal info callback support for TLSv1.3. |
<li>Support TLS 1.3 options in the openssl(1) command. |
<li>Support TLSv1.3 options in the openssl(1) command. |
<li>Add support for additional GOST curves from RFC 7836 and draft-deremin-rfc4491-bis. |
<li>Add support for additional GOST curves from RFC 7836 and draft-deremin-rfc4491-bis. |
<li>Add OIDs for HMAC using the Streebog hash function. |
<li>Add OIDs for HMAC using the Streebog hash function. |
<li>Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5. |
<li>Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5. |
|
|
<ul> |
<ul> |
<li>Collapse x509v3 directory into x509. |
<li>Collapse x509v3 directory into x509. |
<li>Add initial support for openbsd/powerpc64. |
<li>Add initial support for openbsd/powerpc64. |
<li>Improve length checks in the TLS 1.3 record layer and provide appropriate alerts for violations of record layer limits. |
<li>Improve length checks in the TLSv1.3 record layer and provide appropriate alerts for violations of record layer limits. |
<li>Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name. |
<li>Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name. |
<li>Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic retry of handshake messages. |
<li>Support SSL_MODE_AUTO_RETRY in TLSv1.3 to allow the automatic retry of handshake messages. |
<li>Improve the handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack. |
<li>Improve the handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack. |
<li>Start replacing the existing TLSv1.2 record layer. |
<li>Start replacing the existing TLSv1.2 record layer. |
<li>Simplify SSL method lookups. |
<li>Simplify SSL method lookups. |