version 1.59, 2020/10/08 15:48:14 |
version 1.60, 2020/10/08 16:05:20 |
|
|
|
|
<li>Compatibility Changes |
<li>Compatibility Changes |
<ul> |
<ul> |
<li>Modify I/O behavior so that SSL_MODE_AUTO_RETRY is the default similar to new OpenSSL releases. |
<li>Modify I/O behavior so that <a href="https://man.openbsd.org/SSL_CTX_set_mode#SSL_MODE_AUTO_RETRY">SSL_MODE_AUTO_RETRY</a> is the default similar to new OpenSSL releases. |
<li>Add the P-521 curve to the list of curves supported by default in the client. |
<li>Add the P-521 curve to the list of curves supported by default in the client. |
<li>Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. |
<li>Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. |
<li>Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash. |
<li>Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash. |
|
|
<li>Add initial support for openbsd/powerpc64. |
<li>Add initial support for openbsd/powerpc64. |
<li>Improve length checks in the TLSv1.3 record layer and provide appropriate alerts for violations of record layer limits. |
<li>Improve length checks in the TLSv1.3 record layer and provide appropriate alerts for violations of record layer limits. |
<li>Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name. |
<li>Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name. |
<li>Support SSL_MODE_AUTO_RETRY in TLSv1.3 to allow the automatic retry of handshake messages. |
<li>Support <a href="https://man.openbsd.org/SSL_CTX_set_mode#SSL_MODE_AUTO_RETRY">SSL_MODE_AUTO_RETRY</a> in TLSv1.3 to allow the automatic retry of handshake messages. |
<li>Improve the handling of <a href="https://man.openbsd.org/BIO_read">BIO_read(3)</a>/<a href="https://man.openbsd.org/BIO_write">BIO_write(3)</a> failures in the TLSv1.3 stack. |
<li>Improve the handling of <a href="https://man.openbsd.org/BIO_read">BIO_read(3)</a>/<a href="https://man.openbsd.org/BIO_write">BIO_write(3)</a> failures in the TLSv1.3 stack. |
<li>Start replacing the existing TLSv1.2 record layer. |
<li>Start replacing the existing TLSv1.2 record layer. |
<li>Simplify SSL method lookups. |
<li>Simplify SSL method lookups. |