This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file.
OCSP_basic_verify
that verifies the signer certificate on an OCSP response ([CVE-2022-1343])OCSP_REQ_CTX
type and functions.EC_KEY
and EC_KEY_METHOD
types and functions.RSA
and RSA_METHOD
types and functions.DSA
and DSA_METHOD
types and functions.DH
and DH_METHOD
types and functions.ERR_load_
functions.RAND_DRBG
API.ENGINE
API.OSSL_LIB_CTX
, a libcrypto library context._ex
functions to the OpenSSL API that support using a non-default OSSL_LIB_CTX
.Support for TLSv1.3 added. The TLSv1.3 implementation includes:
Complete rewrite of the OpenSSL random number generator to introduce the following capabilities
Support for various new cryptographic algorithms including:
Significant Side-Channel attack security improvements
Add a new ClientHello callback to provide the ability to adjust the SSL object at an early stage.
Add ‘Maximum Fragment Length’ TLS extension negotiation and support
A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other objects.
Move the display of configuration data to configdata.pm.
Allow GNU style “make variables” to be used with Configure.
Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
Rewrite of devcrypto engine
Known issues in OpenSSL 1.0.0m:
<limits.h>
include. Fixed in 1.0.0n-dev[1] The support for external crypto devices is currently a separate distribution. See the file README-Engine.md.