Index: third_party/apache-win32/OPENSSL-NEWS.txt |
diff --git a/third_party/apache-win32/OPENSSL-NEWS.txt b/third_party/apache-win32/OPENSSL-NEWS.txt |
new file mode 100644 |
index 0000000000000000000000000000000000000000..7d3251dc14c9f145f8142e72b54ba2ecf37fb515 |
--- /dev/null |
+++ b/third_party/apache-win32/OPENSSL-NEWS.txt |
@@ -0,0 +1,591 @@ |
+ |
+ Apache HTTP Server 2.2 Limited OpenSSL Distribution |
+ |
+ This binary distribution includes the minimal components of OpenSSL required |
+ to support mod_ssl for Apache HTTP Server version 2.2 (details are listed |
+ in OPENSSL-README.txt.) For the complete list of CHANGES to this and later |
+ versions of OpenSSL, please refer to the definative source, |
+ <http://www.openssl.org/news/changelog.html>, or see the CHANGES file in the |
+ full binary or source distribution package from <http://www.openssl.org/>. |
+ |
+ These OpenSSL binaries were built for distribution from the U.S. without |
+ support for the patented encryption methods IDEA, MDC-2 or RC5. |
+ |
+-------------------------------------------------------------------------------- |
+ |
+ |
+ NEWS |
+ ==== |
+ |
+ This file gives a brief overview of the major changes between each OpenSSL |
+ release. For more details please read the CHANGES file. |
+ |
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: |
+ |
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 |
+ o Fix OCSP bad key DoS attack CVE-2013-0166 |
+ |
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: |
+ |
+ o Fix DTLS record length checking bug CVE-2012-2333 |
+ |
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: |
+ |
+ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) |
+ |
+ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: |
+ |
+ o Fix for ASN1 overflow bug CVE-2012-2110 |
+ |
+ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: |
+ |
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884 |
+ o Corrected fix for CVE-2011-4619 |
+ o Various DTLS fixes. |
+ |
+ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: |
+ |
+ o Fix for DTLS DoS issue CVE-2012-0050 |
+ |
+ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: |
+ |
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108 |
+ o Fix policy check double free error CVE-2011-4109 |
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 |
+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 |
+ o Check for malformed RFC3779 data CVE-2011-4577 |
+ |
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: |
+ |
+ o Fix for security issue CVE-2011-0014 |
+ |
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: |
+ |
+ o Fix for security issue CVE-2010-4180 |
+ o Fix for CVE-2010-4252 |
+ |
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: |
+ |
+ o Fix for security issue CVE-2010-3864. |
+ |
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: |
+ |
+ o Fix for security issue CVE-2010-0742. |
+ o Various DTLS fixes. |
+ o Recognise SHA2 certificates if only SSL algorithms added. |
+ o Fix for no-rc4 compilation. |
+ o Chil ENGINE unload workaround. |
+ |
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: |
+ |
+ o CFB cipher definition fixes. |
+ o Fix security issues CVE-2010-0740 and CVE-2010-0433. |
+ |
+ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: |
+ |
+ o Cipher definition fixes. |
+ o Workaround for slow RAND_poll() on some WIN32 versions. |
+ o Remove MD2 from algorithm tables. |
+ o SPKAC handling fixes. |
+ o Support for RFC5746 TLS renegotiation extension. |
+ o Compression memory leak fixed. |
+ o Compression session resumption fixed. |
+ o Ticket and SNI coexistence fixes. |
+ o Many fixes to DTLS handling. |
+ |
+ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: |
+ |
+ o Temporary work around for CVE-2009-3555: disable renegotiation. |
+ |
+ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: |
+ |
+ o Fix various build issues. |
+ o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) |
+ |
+ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: |
+ |
+ o Fix security issue (CVE-2008-5077) |
+ o Merge FIPS 140-2 branch code. |
+ |
+ Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: |
+ |
+ o CryptoAPI ENGINE support. |
+ o Various precautionary measures. |
+ o Fix for bugs affecting certificate request creation. |
+ o Support for local machine keyset attribute in PKCS#12 files. |
+ |
+ Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: |
+ |
+ o Backport of CMS functionality to 0.9.8. |
+ o Fixes for bugs introduced with 0.9.8f. |
+ |
+ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: |
+ |
+ o Add gcc 4.2 support. |
+ o Add support for AES and SSE2 assembly lanugauge optimization |
+ for VC++ build. |
+ o Support for RFC4507bis and server name extensions if explicitly |
+ selected at compile time. |
+ o DTLS improvements. |
+ o RFC4507bis support. |
+ o TLS Extensions support. |
+ |
+ Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: |
+ |
+ o Various ciphersuite selection fixes. |
+ o RFC3779 support. |
+ |
+ Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: |
+ |
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940) |
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) |
+ o Changes to ciphersuite selection algorithm |
+ |
+ Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: |
+ |
+ o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 |
+ o New cipher Camellia |
+ |
+ Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: |
+ |
+ o Cipher string fixes. |
+ o Fixes for VC++ 2005. |
+ o Updated ECC cipher suite support. |
+ o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). |
+ o Zlib compression usage fixes. |
+ o Built in dynamic engine compilation support on Win32. |
+ o Fixes auto dynamic engine loading in Win32. |
+ |
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: |
+ |
+ o Fix potential SSL 2.0 rollback, CVE-2005-2969 |
+ o Extended Windows CE support |
+ |
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: |
+ |
+ o Major work on the BIGNUM library for higher efficiency and to |
+ make operations more streamlined and less contradictory. This |
+ is the result of a major audit of the BIGNUM library. |
+ o Addition of BIGNUM functions for fields GF(2^m) and NIST |
+ curves, to support the Elliptic Crypto functions. |
+ o Major work on Elliptic Crypto; ECDH and ECDSA added, including |
+ the use through EVP, X509 and ENGINE. |
+ o New ASN.1 mini-compiler that's usable through the OpenSSL |
+ configuration file. |
+ o Added support for ASN.1 indefinite length constructed encoding. |
+ o New PKCS#12 'medium level' API to manipulate PKCS#12 files. |
+ o Complete rework of shared library construction and linking |
+ programs with shared or static libraries, through a separate |
+ Makefile.shared. |
+ o Rework of the passing of parameters from one Makefile to another. |
+ o Changed ENGINE framework to load dynamic engine modules |
+ automatically from specifically given directories. |
+ o New structure and ASN.1 functions for CertificatePair. |
+ o Changed the ZLIB compression method to be stateful. |
+ o Changed the key-generation and primality testing "progress" |
+ mechanism to take a structure that contains the ticker |
+ function and an argument. |
+ o New engine module: GMP (performs private key exponentiation). |
+ o New engine module: VIA PadLOck ACE extension in VIA C3 |
+ Nehemiah processors. |
+ o Added support for IPv6 addresses in certificate extensions. |
+ See RFC 1884, section 2.2. |
+ o Added support for certificate policy mappings, policy |
+ constraints and name constraints. |
+ o Added support for multi-valued AVAs in the OpenSSL |
+ configuration file. |
+ o Added support for multiple certificates with the same subject |
+ in the 'openssl ca' index file. |
+ o Make it possible to create self-signed certificates using |
+ 'openssl ca -selfsign'. |
+ o Make it possible to generate a serial number file with |
+ 'openssl ca -create_serial'. |
+ o New binary search functions with extended functionality. |
+ o New BUF functions. |
+ o New STORE structure and library to provide an interface to all |
+ sorts of data repositories. Supports storage of public and |
+ private keys, certificates, CRLs, numbers and arbitrary blobs. |
+ This library is unfortunately unfinished and unused withing |
+ OpenSSL. |
+ o New control functions for the error stack. |
+ o Changed the PKCS#7 library to support one-pass S/MIME |
+ processing. |
+ o Added the possibility to compile without old deprecated |
+ functionality with the OPENSSL_NO_DEPRECATED macro or the |
+ 'no-deprecated' argument to the config and Configure scripts. |
+ o Constification of all ASN.1 conversion functions, and other |
+ affected functions. |
+ o Improved platform support for PowerPC. |
+ o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). |
+ o New X509_VERIFY_PARAM structure to support parametrisation |
+ of X.509 path validation. |
+ o Major overhaul of RC4 performance on Intel P4, IA-64 and |
+ AMD64. |
+ o Changed the Configure script to have some algorithms disabled |
+ by default. Those can be explicitely enabled with the new |
+ argument form 'enable-xxx'. |
+ o Change the default digest in 'openssl' commands from MD5 to |
+ SHA-1. |
+ o Added support for DTLS. |
+ o New BIGNUM blinding. |
+ o Added support for the RSA-PSS encryption scheme |
+ o Added support for the RSA X.931 padding. |
+ o Added support for BSD sockets on NetWare. |
+ o Added support for files larger than 2GB. |
+ o Added initial support for Win64. |
+ o Added alternate pkg-config files. |
+ |
+ Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m: |
+ |
+ o FIPS 1.1.1 module linking. |
+ o Various ciphersuite selection fixes. |
+ |
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: |
+ |
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940) |
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) |
+ |
+ Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: |
+ |
+ o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 |
+ |
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: |
+ |
+ o Visual C++ 2005 fixes. |
+ o Update Windows build system for FIPS. |
+ |
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: |
+ |
+ o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. |
+ |
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: |
+ |
+ o Fix SSL 2.0 Rollback, CVE-2005-2969 |
+ o Allow use of fixed-length exponent on DSA signing |
+ o Default fixed-window RSA, DSA, DH private-key operations |
+ |
+ Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: |
+ |
+ o More compilation issues fixed. |
+ o Adaptation to more modern Kerberos API. |
+ o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. |
+ o Enhanced x86_64 assembler BIGNUM module. |
+ o More constification. |
+ o Added processing of proxy certificates (RFC 3820). |
+ |
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: |
+ |
+ o Several compilation issues fixed. |
+ o Many memory allocation failure checks added. |
+ o Improved comparison of X509 Name type. |
+ o Mandatory basic checks on certificates. |
+ o Performance improvements. |
+ |
+ Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: |
+ |
+ o Fix race condition in CRL checking code. |
+ o Fixes to PKCS#7 (S/MIME) code. |
+ |
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: |
+ |
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug |
+ o Security: Fix null-pointer assignment in do_change_cipher_spec() |
+ o Allow multiple active certificates with same subject in CA index |
+ o Multiple X509 verification fixes |
+ o Speed up HMAC and other operations |
+ |
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: |
+ |
+ o Security: fix various ASN1 parsing bugs. |
+ o New -ignore_err option to OCSP utility. |
+ o Various interop and bug fixes in S/MIME code. |
+ o SSL/TLS protocol fix for unrequested client certificates. |
+ |
+ Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: |
+ |
+ o Security: counter the Klima-Pokorny-Rosa extension of |
+ Bleichbacher's attack |
+ o Security: make RSA blinding default. |
+ o Configuration: Irix fixes, AIX fixes, better mingw support. |
+ o Support for new platforms: linux-ia64-ecc. |
+ o Build: shared library support fixes. |
+ o ASN.1: treat domainComponent correctly. |
+ o Documentation: fixes and additions. |
+ |
+ Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: |
+ |
+ o Security: Important security related bugfixes. |
+ o Enhanced compatibility with MIT Kerberos. |
+ o Can be built without the ENGINE framework. |
+ o IA32 assembler enhancements. |
+ o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. |
+ o Configuration: the no-err option now works properly. |
+ o SSL/TLS: now handles manual certificate chain building. |
+ o SSL/TLS: certain session ID malfunctions corrected. |
+ |
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: |
+ |
+ o New library section OCSP. |
+ o Complete rewrite of ASN1 code. |
+ o CRL checking in verify code and openssl utility. |
+ o Extension copying in 'ca' utility. |
+ o Flexible display options in 'ca' utility. |
+ o Provisional support for international characters with UTF8. |
+ o Support for external crypto devices ('engine') is no longer |
+ a separate distribution. |
+ o New elliptic curve library section. |
+ o New AES (Rijndael) library section. |
+ o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, |
+ Linux x86_64, Linux 64-bit on Sparc v9 |
+ o Extended support for some platforms: VxWorks |
+ o Enhanced support for shared libraries. |
+ o Now only builds PIC code when shared library support is requested. |
+ o Support for pkg-config. |
+ o Lots of new manuals. |
+ o Makes symbolic links to or copies of manuals to cover all described |
+ functions. |
+ o Change DES API to clean up the namespace (some applications link also |
+ against libdes providing similar functions having the same name). |
+ Provide macros for backward compatibility (will be removed in the |
+ future). |
+ o Unify handling of cryptographic algorithms (software and engine) |
+ to be available via EVP routines for asymmetric and symmetric ciphers. |
+ o NCONF: new configuration handling routines. |
+ o Change API to use more 'const' modifiers to improve error checking |
+ and help optimizers. |
+ o Finally remove references to RSAref. |
+ o Reworked parts of the BIGNUM code. |
+ o Support for new engines: Broadcom ubsec, Accelerated Encryption |
+ Processing, IBM 4758. |
+ o A few new engines added in the demos area. |
+ o Extended and corrected OID (object identifier) table. |
+ o PRNG: query at more locations for a random device, automatic query for |
+ EGD style random sources at several locations. |
+ o SSL/TLS: allow optional cipher choice according to server's preference. |
+ o SSL/TLS: allow server to explicitly set new session ids. |
+ o SSL/TLS: support Kerberos cipher suites (RFC2712). |
+ Only supports MIT Kerberos for now. |
+ o SSL/TLS: allow more precise control of renegotiations and sessions. |
+ o SSL/TLS: add callback to retrieve SSL/TLS messages. |
+ o SSL/TLS: support AES cipher suites (RFC3268). |
+ |
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: |
+ |
+ o Security: fix various ASN1 parsing bugs. |
+ o SSL/TLS protocol fix for unrequested client certificates. |
+ |
+ Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: |
+ |
+ o Security: counter the Klima-Pokorny-Rosa extension of |
+ Bleichbacher's attack |
+ o Security: make RSA blinding default. |
+ o Build: shared library support fixes. |
+ |
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: |
+ |
+ o Important security related bugfixes. |
+ |
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: |
+ |
+ o New configuration targets for Tandem OSS and A/UX. |
+ o New OIDs for Microsoft attributes. |
+ o Better handling of SSL session caching. |
+ o Better comparison of distinguished names. |
+ o Better handling of shared libraries in a mixed GNU/non-GNU environment. |
+ o Support assembler code with Borland C. |
+ o Fixes for length problems. |
+ o Fixes for uninitialised variables. |
+ o Fixes for memory leaks, some unusual crashes and some race conditions. |
+ o Fixes for smaller building problems. |
+ o Updates of manuals, FAQ and other instructive documents. |
+ |
+ Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: |
+ |
+ o Important building fixes on Unix. |
+ |
+ Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: |
+ |
+ o Various important bugfixes. |
+ |
+ Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: |
+ |
+ o Important security related bugfixes. |
+ o Various SSL/TLS library bugfixes. |
+ |
+ Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: |
+ |
+ o Various SSL/TLS library bugfixes. |
+ o Fix DH parameter generation for 'non-standard' generators. |
+ |
+ Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: |
+ |
+ o Various SSL/TLS library bugfixes. |
+ o BIGNUM library fixes. |
+ o RSA OAEP and random number generation fixes. |
+ o Object identifiers corrected and added. |
+ o Add assembler BN routines for IA64. |
+ o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, |
+ MIPS Linux; shared library support for Irix, HP-UX. |
+ o Add crypto accelerator support for AEP, Baltimore SureWare, |
+ Broadcom and Cryptographic Appliance's keyserver |
+ [in 0.9.6c-engine release]. |
+ |
+ Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: |
+ |
+ o Security fix: PRNG improvements. |
+ o Security fix: RSA OAEP check. |
+ o Security fix: Reinsert and fix countermeasure to Bleichbacher's |
+ attack. |
+ o MIPS bug fix in BIGNUM. |
+ o Bug fix in "openssl enc". |
+ o Bug fix in X.509 printing routine. |
+ o Bug fix in DSA verification routine and DSA S/MIME verification. |
+ o Bug fix to make PRNG thread-safe. |
+ o Bug fix in RAND_file_name(). |
+ o Bug fix in compatibility mode trust settings. |
+ o Bug fix in blowfish EVP. |
+ o Increase default size for BIO buffering filter. |
+ o Compatibility fixes in some scripts. |
+ |
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: |
+ |
+ o Security fix: change behavior of OpenSSL to avoid using |
+ environment variables when running as root. |
+ o Security fix: check the result of RSA-CRT to reduce the |
+ possibility of deducing the private key from an incorrectly |
+ calculated signature. |
+ o Security fix: prevent Bleichenbacher's DSA attack. |
+ o Security fix: Zero the premaster secret after deriving the |
+ master secret in DH ciphersuites. |
+ o Reimplement SSL_peek(), which had various problems. |
+ o Compatibility fix: the function des_encrypt() renamed to |
+ des_encrypt1() to avoid clashes with some Unixen libc. |
+ o Bug fixes for Win32, HP/UX and Irix. |
+ o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and |
+ memory checking routines. |
+ o Bug fixes for RSA operations in threaded environments. |
+ o Bug fixes in misc. openssl applications. |
+ o Remove a few potential memory leaks. |
+ o Add tighter checks of BIGNUM routines. |
+ o Shared library support has been reworked for generality. |
+ o More documentation. |
+ o New function BN_rand_range(). |
+ o Add "-rand" option to openssl s_client and s_server. |
+ |
+ Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: |
+ |
+ o Some documentation for BIO and SSL libraries. |
+ o Enhanced chain verification using key identifiers. |
+ o New sign and verify options to 'dgst' application. |
+ o Support for DER and PEM encoded messages in 'smime' application. |
+ o New 'rsautl' application, low level RSA utility. |
+ o MD4 now included. |
+ o Bugfix for SSL rollback padding check. |
+ o Support for external crypto devices [1]. |
+ o Enhanced EVP interface. |
+ |
+ [1] The support for external crypto devices is currently a separate |
+ distribution. See the file README.ENGINE. |
+ |
+ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: |
+ |
+ o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 |
+ o Shared library support for HPUX and Solaris-gcc |
+ o Support of Linux/IA64 |
+ o Assembler support for Mingw32 |
+ o New 'rand' application |
+ o New way to check for existence of algorithms from scripts |
+ |
+ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: |
+ |
+ o S/MIME support in new 'smime' command |
+ o Documentation for the OpenSSL command line application |
+ o Automation of 'req' application |
+ o Fixes to make s_client, s_server work under Windows |
+ o Support for multiple fieldnames in SPKACs |
+ o New SPKAC command line utilty and associated library functions |
+ o Options to allow passwords to be obtained from various sources |
+ o New public key PEM format and options to handle it |
+ o Many other fixes and enhancements to command line utilities |
+ o Usable certificate chain verification |
+ o Certificate purpose checking |
+ o Certificate trust settings |
+ o Support of authority information access extension |
+ o Extensions in certificate requests |
+ o Simplified X509 name and attribute routines |
+ o Initial (incomplete) support for international character sets |
+ o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD |
+ o Read only memory BIOs and simplified creation function |
+ o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 |
+ record; allow fragmentation and interleaving of handshake and other |
+ data |
+ o TLS/SSL code now "tolerates" MS SGC |
+ o Work around for Netscape client certificate hang bug |
+ o RSA_NULL option that removes RSA patent code but keeps other |
+ RSA functionality |
+ o Memory leak detection now allows applications to add extra information |
+ via a per-thread stack |
+ o PRNG robustness improved |
+ o EGD support |
+ o BIGNUM library bug fixes |
+ o Faster DSA parameter generation |
+ o Enhanced support for Alpha Linux |
+ o Experimental MacOS support |
+ |
+ Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: |
+ |
+ o Transparent support for PKCS#8 format private keys: these are used |
+ by several software packages and are more secure than the standard |
+ form |
+ o PKCS#5 v2.0 implementation |
+ o Password callbacks have a new void * argument for application data |
+ o Avoid various memory leaks |
+ o New pipe-like BIO that allows using the SSL library when actual I/O |
+ must be handled by the application (BIO pair) |
+ |
+ Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: |
+ o Lots of enhancements and cleanups to the Configuration mechanism |
+ o RSA OEAP related fixes |
+ o Added `openssl ca -revoke' option for revoking a certificate |
+ o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs |
+ o Source tree cleanups: removed lots of obsolete files |
+ o Thawte SXNet, certificate policies and CRL distribution points |
+ extension support |
+ o Preliminary (experimental) S/MIME support |
+ o Support for ASN.1 UTF8String and VisibleString |
+ o Full integration of PKCS#12 code |
+ o Sparc assembler bignum implementation, optimized hash functions |
+ o Option to disable selected ciphers |
+ |
+ Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: |
+ o Fixed a security hole related to session resumption |
+ o Fixed RSA encryption routines for the p < q case |
+ o "ALL" in cipher lists now means "everything except NULL ciphers" |
+ o Support for Triple-DES CBCM cipher |
+ o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA |
+ o First support for new TLSv1 ciphers |
+ o Added a few new BIOs (syslog BIO, reliable BIO) |
+ o Extended support for DSA certificate/keys. |
+ o Extended support for Certificate Signing Requests (CSR) |
+ o Initial support for X.509v3 extensions |
+ o Extended support for compression inside the SSL record layer |
+ o Overhauled Win32 builds |
+ o Cleanups and fixes to the Big Number (BN) library |
+ o Support for ASN.1 GeneralizedTime |
+ o Splitted ASN.1 SETs from SEQUENCEs |
+ o ASN1 and PEM support for Netscape Certificate Sequences |
+ o Overhauled Perl interface |
+ o Lots of source tree cleanups. |
+ o Lots of memory leak fixes. |
+ o Lots of bug fixes. |
+ |
+ Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: |
+ o Integration of the popular NO_RSA/NO_DSA patches |
+ o Initial support for compression inside the SSL record layer |
+ o Added BIO proxy and filtering functionality |
+ o Extended Big Number (BN) library |
+ o Added RIPE MD160 message digest |
+ o Addeed support for RC2/64bit cipher |
+ o Extended ASN.1 parser routines |
+ o Adjustations of the source tree for CVS |
+ o Support for various new platforms |