| NEWS | |
| ==== | |
| This file gives a brief overview of the major changes between each OpenSSL | |
| release. For more details please read the CHANGES file. | |
| Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: | |
| o New library section OCSP. | |
| o Complete haul-over of the ASN.1 library section. | |
| Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: | |
| o Security fix: change behavior of OpenSSL to avoid using | |
| environment variables when running as root. | |
| o Security fix: check the result of RSA-CRT to reduce the | |
| possibility of deducing the private key from an incorrectly | |
| calculated signature. | |
| o Security fix: prevent Bleichenbacher's DSA attack. | |
| o Security fix: Zero the premaster secret after deriving the | |
| master secret in DH ciphersuites. | |
| o Reimplement SSL_peek(), which had various problems. | |
| o Compatibility fix: the function des_encrypt() renamed to | |
| des_encrypt1() to avoid clashes with some Unixen libc. | |
| o Bug fixes for Win32, HP/UX and Irix. | |
| o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and | |
| memory checking routines. | |
| o Bug fixes for RSA operations in threaded enviroments. | |
| o Bug fixes in misc. openssl applications. | |
| o Remove a few potential memory leaks. | |
| o Add tighter checks of BIGNUM routines. | |
| o Shared library support has been reworked for generality. | |
| o More documentation. | |
| o New function BN_rand_range(). | |
| o Add "-rand" option to openssl s_client and s_server. | |
| Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: | |
| o Some documentation for BIO and SSL libraries. | |
| o Enhanced chain verification using key identifiers. | |
| o New sign and verify options to 'dgst' application. | |
| o Support for DER and PEM encoded messages in 'smime' application. | |
| o New 'rsautl' application, low level RSA utility. | |
| o MD4 now included. | |
| o Bugfix for SSL rollback padding check. | |
| o Support for external crypto devices. | |
| o Enhanced EVP interface. | |
| Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: | |
| o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 | |
| o Shared library support for HPUX and Solaris-gcc | |
| o Support of Linux/IA64 | |
| o Assembler support for Mingw32 | |
| o New 'rand' application | |
| o New way to check for existence of algorithms from scripts | |
| Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: | |
| o S/MIME support in new 'smime' command | |
| o Documentation for the OpenSSL command line application | |
| o Automation of 'req' application | |
| o Fixes to make s_client, s_server work under Windows | |
| o Support for multiple fieldnames in SPKACs | |
| o New SPKAC command line utilty and associated library functions | |
| o Options to allow passwords to be obtained from various sources | |
| o New public key PEM format and options to handle it | |
| o Many other fixes and enhancements to command line utilities | |
| o Usable certificate chain verification | |
| o Certificate purpose checking | |
| o Certificate trust settings | |
| o Support of authority information access extension | |
| o Extensions in certificate requests | |
| o Simplified X509 name and attribute routines | |
| o Initial (incomplete) support for international character sets | |
| o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD | |
| o Read only memory BIOs and simplified creation function | |
| o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 | |
| record; allow fragmentation and interleaving of handshake and other | |
| data | |
| o TLS/SSL code now "tolerates" MS SGC | |
| o Work around for Netscape client certificate hang bug | |
| o RSA_NULL option that removes RSA patent code but keeps other | |
| RSA functionality | |
| o Memory leak detection now allows applications to add extra information | |
| via a per-thread stack | |
| o PRNG robustness improved | |
| o EGD support | |
| o BIGNUM library bug fixes | |
| o Faster DSA parameter generation | |
| o Enhanced support for Alpha Linux | |
| o Experimental MacOS support | |
| Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: | |
| o Transparent support for PKCS#8 format private keys: these are used | |
| by several software packages and are more secure than the standard | |
| form | |
| o PKCS#5 v2.0 implementation | |
| o Password callbacks have a new void * argument for application data | |
| o Avoid various memory leaks | |
| o New pipe-like BIO that allows using the SSL library when actual I/O | |
| must be handled by the application (BIO pair) | |
| Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: | |
| o Lots of enhancements and cleanups to the Configuration mechanism | |
| o RSA OEAP related fixes | |
| o Added `openssl ca -revoke' option for revoking a certificate | |
| o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs | |
| o Source tree cleanups: removed lots of obsolete files | |
| o Thawte SXNet, certificate policies and CRL distribution points | |
| extension support | |
| o Preliminary (experimental) S/MIME support | |
| o Support for ASN.1 UTF8String and VisibleString | |
| o Full integration of PKCS#12 code | |
| o Sparc assembler bignum implementation, optimized hash functions | |
| o Option to disable selected ciphers | |
| Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: | |
| o Fixed a security hole related to session resumption | |
| o Fixed RSA encryption routines for the p < q case | |
| o "ALL" in cipher lists now means "everything except NULL ciphers" | |
| o Support for Triple-DES CBCM cipher | |
| o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA | |
| o First support for new TLSv1 ciphers | |
| o Added a few new BIOs (syslog BIO, reliable BIO) | |
| o Extended support for DSA certificate/keys. | |
| o Extended support for Certificate Signing Requests (CSR) | |
| o Initial support for X.509v3 extensions | |
| o Extended support for compression inside the SSL record layer | |
| o Overhauled Win32 builds | |
| o Cleanups and fixes to the Big Number (BN) library | |
| o Support for ASN.1 GeneralizedTime | |
| o Splitted ASN.1 SETs from SEQUENCEs | |
| o ASN1 and PEM support for Netscape Certificate Sequences | |
| o Overhauled Perl interface | |
| o Lots of source tree cleanups. | |
| o Lots of memory leak fixes. | |
| o Lots of bug fixes. | |
| Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: | |
| o Integration of the popular NO_RSA/NO_DSA patches | |
| o Initial support for compression inside the SSL record layer | |
| o Added BIO proxy and filtering functionality | |
| o Extended Big Number (BN) library | |
| o Added RIPE MD160 message digest | |
| o Addeed support for RC2/64bit cipher | |
| o Extended ASN.1 parser routines | |
| o Adjustations of the source tree for CVS | |
| o Support for various new platforms | |