[BACK]Return to 68.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/68.html between version 1.55 and 1.56

version 1.55, 2020/10/08 15:17:46 version 1.56, 2020/10/08 15:22:38
Line 495 
Line 495 
         <li>Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash.          <li>Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash.
         <li>Improve TLSv1.3 client certificate selection to allow EC certificates instead of only RSA certificates.          <li>Improve TLSv1.3 client certificate selection to allow EC certificates instead of only RSA certificates.
         <li>Add minimal info callback support for TLSv1.3.          <li>Add minimal info callback support for TLSv1.3.
         <li>Support TLS 1.3 options in the openssl(1) command.          <li>Support TLSv1.3 options in the openssl(1) command.
         <li>Add support for additional GOST curves from RFC 7836 and draft-deremin-rfc4491-bis.          <li>Add support for additional GOST curves from RFC 7836 and draft-deremin-rfc4491-bis.
         <li>Add OIDs for HMAC using the Streebog hash function.          <li>Add OIDs for HMAC using the Streebog hash function.
         <li>Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5.          <li>Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5.
Line 516 
Line 516 
       <ul>        <ul>
         <li>Collapse x509v3 directory into x509.          <li>Collapse x509v3 directory into x509.
         <li>Add initial support for openbsd/powerpc64.          <li>Add initial support for openbsd/powerpc64.
         <li>Improve length checks in the TLS 1.3 record layer and provide appropriate alerts for violations of record layer limits.          <li>Improve length checks in the TLSv1.3 record layer and provide appropriate alerts for violations of record layer limits.
         <li>Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name.          <li>Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name.
         <li>Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic retry of handshake messages.          <li>Support SSL_MODE_AUTO_RETRY in TLSv1.3 to allow the automatic retry of handshake messages.
         <li>Improve the handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack.          <li>Improve the handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack.
         <li>Start replacing the existing TLSv1.2 record layer.          <li>Start replacing the existing TLSv1.2 record layer.
         <li>Simplify SSL method lookups.          <li>Simplify SSL method lookups.
Legend:
Removed from v.1.55  
changed lines
  Added in v.1.56