NEWS revision 7c478bd95313f5f23a4c958a745db2134aa03244
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User This file gives a brief overview of the major changes between each OpenSSL
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User release. For more details please read the CHANGES file.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Security: Fix null-pointer assignment in do_change_cipher_spec()
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Allow multiple active certificates with same subject in CA index
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User o Multiple X590 verification fixes
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Speed up HMAC and other operations
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Security: fix various ASN1 parsing bugs.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o New -ignore_err option to OCSP utility.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Various interop and bug fixes in S/MIME code.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o SSL/TLS protocol fix for unrequested client certificates.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater o Security: counter the Klima-Pokorny-Rosa extension of
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Bleichbacher's attack
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Security: make RSA blinding default.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Configuration: Irix fixes, AIX fixes, better mingw support.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Support for new platforms: linux-ia64-ecc.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Build: shared library support fixes.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o ASN.1: treat domainComponent correctly.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Documentation: fixes and additions.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security: Important security related bugfixes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Enhanced compatibility with MIT Kerberos.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Can be built without the ENGINE framework.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o IA32 assembler enhancements.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Configuration: the no-err option now works properly.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o SSL/TLS: now handles manual certificate chain building.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o SSL/TLS: certain session ID malfunctions corrected.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o New library section OCSP.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Complete rewrite of ASN1 code.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o CRL checking in verify code and openssl utility.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Extension copying in 'ca' utility.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Flexible display options in 'ca' utility.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Provisional support for international characters with UTF8.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Support for external crypto devices ('engine') is no longer
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User a separate distribution.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o New elliptic curve library section.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o New AES (Rijndael) library section.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Linux x86_64, Linux 64-bit on Sparc v9
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Extended support for some platforms: VxWorks
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Enhanced support for shared libraries.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Now only builds PIC code when shared library support is requested.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Support for pkg-config.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Lots of new manuals.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Makes symbolic links to or copies of manuals to cover all described
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Change DES API to clean up the namespace (some applications link also
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User against libdes providing similar functions having the same name).
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User Provide macros for backward compatibility (will be removed in the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Unify handling of cryptographic algorithms (software and engine)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews to be available via EVP routines for asymmetric and symmetric ciphers.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o NCONF: new configuration handling routines.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Change API to use more 'const' modifiers to improve error checking
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and help optimizers.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Finally remove references to RSAref.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Reworked parts of the BIGNUM code.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Support for new engines: Broadcom ubsec, Accelerated Encryption
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Processing, IBM 4758.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o A few new engines added in the demos area.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User o Extended and corrected OID (object identifier) table.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User o PRNG: query at more locations for a random device, automatic query for
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User EGD style random sources at several locations.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o SSL/TLS: allow optional cipher choice according to server's preference.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User o SSL/TLS: allow server to explicitly set new session ids.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User o SSL/TLS: support Kerberos cipher suites (RFC2712).
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User Only supports MIT Kerberos for now.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User o SSL/TLS: allow more precise control of renegotiations and sessions.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o SSL/TLS: add callback to retrieve SSL/TLS messages.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o SSL/TLS: support AES cipher suites (RFC3268).
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security: fix various ASN1 parsing bugs.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o SSL/TLS protocol fix for unrequested client certificates.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security: counter the Klima-Pokorny-Rosa extension of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Bleichbacher's attack
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security: make RSA blinding default.
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User o Build: shared library support fixes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Important security related bugfixes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o New configuration targets for Tandem OSS and A/UX.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o New OIDs for Microsoft attributes.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Better handling of SSL session caching.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Better comparison of distinguished names.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Better handling of shared libraries in a mixed GNU/non-GNU environment.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Support assembler code with Borland C.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Fixes for length problems.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Fixes for uninitialised variables.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Fixes for memory leaks, some unusual crashes and some race conditions.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Fixes for smaller building problems.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Updates of manuals, FAQ and other instructive documents.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Important building fixes on Unix.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Various important bugfixes.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Important security related bugfixes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Various SSL/TLS library bugfixes.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Various SSL/TLS library bugfixes.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Fix DH parameter generation for 'non-standard' generators.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Various SSL/TLS library bugfixes.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o BIGNUM library fixes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o RSA OAEP and random number generation fixes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Object identifiers corrected and added.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Add assembler BN routines for IA64.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User MIPS Linux; shared library support for Irix, HP-UX.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Add crypto accelerator support for AEP, Baltimore SureWare,
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User Broadcom and Cryptographic Appliance's keyserver
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User [in 0.9.6c-engine release].
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User o Security fix: PRNG improvements.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security fix: RSA OAEP check.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security fix: Reinsert and fix countermeasure to Bleichbacher's
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o MIPS bug fix in BIGNUM.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Bug fix in "openssl enc".
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Bug fix in X.509 printing routine.
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User o Bug fix in DSA verification routine and DSA S/MIME verification.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Bug fix to make PRNG thread-safe.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Bug fix in RAND_file_name().
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Bug fix in compatibility mode trust settings.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Bug fix in blowfish EVP.
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User o Increase default size for BIO buffering filter.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Compatibility fixes in some scripts.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security fix: change behavior of OpenSSL to avoid using
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User environment variables when running as root.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security fix: check the result of RSA-CRT to reduce the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User possibility of deducing the private key from an incorrectly
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews calculated signature.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security fix: prevent Bleichenbacher's DSA attack.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Security fix: Zero the premaster secret after deriving the
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User master secret in DH ciphersuites.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Reimplement SSL_peek(), which had various problems.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Compatibility fix: the function des_encrypt() renamed to
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User des_encrypt1() to avoid clashes with some Unixen libc.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Bug fixes for Win32, HP/UX and Irix.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User memory checking routines.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Bug fixes for RSA operations in threaded environments.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Bug fixes in misc. openssl applications.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Remove a few potential memory leaks.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Add tighter checks of BIGNUM routines.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Shared library support has been reworked for generality.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o More documentation.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o New function BN_rand_range().
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User o Add "-rand" option to openssl s_client and s_server.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Some documentation for BIO and SSL libraries.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Enhanced chain verification using key identifiers.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o New sign and verify options to 'dgst' application.
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User o Support for DER and PEM encoded messages in 'smime' application.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o New 'rsautl' application, low level RSA utility.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o MD4 now included.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Bugfix for SSL rollback padding check.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Support for external crypto devices [1].
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews o Enhanced EVP interface.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User [1] The support for external crypto devices is currently a separate
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User distribution. See the file README.ENGINE.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Shared library support for HPUX and Solaris-gcc
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Assembler support for Mingw32
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o New 'rand' application
395c95214142142854509945adf3293c0270e1c5Tinderbox User o New way to check for existence of algorithms from scripts
395c95214142142854509945adf3293c0270e1c5Tinderbox User Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
395c95214142142854509945adf3293c0270e1c5Tinderbox User o S/MIME support in new 'smime' command
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Documentation for the OpenSSL command line application
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Automation of 'req' application
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Fixes to make s_client, s_server work under Windows
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Support for multiple fieldnames in SPKACs
395c95214142142854509945adf3293c0270e1c5Tinderbox User o New SPKAC command line utilty and associated library functions
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Options to allow passwords to be obtained from various sources
395c95214142142854509945adf3293c0270e1c5Tinderbox User o New public key PEM format and options to handle it
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Many other fixes and enhancements to command line utilities
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Usable certificate chain verification
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Certificate purpose checking
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Certificate trust settings
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Support of authority information access extension
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Extensions in certificate requests
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Simplified X509 name and attribute routines
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Initial (incomplete) support for international character sets
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Read only memory BIOs and simplified creation function
395c95214142142854509945adf3293c0270e1c5Tinderbox User o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
395c95214142142854509945adf3293c0270e1c5Tinderbox User record; allow fragmentation and interleaving of handshake and other
395c95214142142854509945adf3293c0270e1c5Tinderbox User o TLS/SSL code now "tolerates" MS SGC
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Work around for Netscape client certificate hang bug
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o RSA_NULL option that removes RSA patent code but keeps other
395c95214142142854509945adf3293c0270e1c5Tinderbox User RSA functionality
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Memory leak detection now allows applications to add extra information
395c95214142142854509945adf3293c0270e1c5Tinderbox User via a per-thread stack
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o PRNG robustness improved
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o EGD support
395c95214142142854509945adf3293c0270e1c5Tinderbox User o BIGNUM library bug fixes
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Faster DSA parameter generation
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Enhanced support for Alpha Linux
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Experimental MacOS support
395c95214142142854509945adf3293c0270e1c5Tinderbox User Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Transparent support for PKCS#8 format private keys: these are used
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User by several software packages and are more secure than the standard
395c95214142142854509945adf3293c0270e1c5Tinderbox User o PKCS#5 v2.0 implementation
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Password callbacks have a new void * argument for application data
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Avoid various memory leaks
395c95214142142854509945adf3293c0270e1c5Tinderbox User o New pipe-like BIO that allows using the SSL library when actual I/O
395c95214142142854509945adf3293c0270e1c5Tinderbox User must be handled by the application (BIO pair)
395c95214142142854509945adf3293c0270e1c5Tinderbox User Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Lots of enhancements and cleanups to the Configuration mechanism
395c95214142142854509945adf3293c0270e1c5Tinderbox User o RSA OEAP related fixes
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Added `openssl ca -revoke' option for revoking a certificate
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Source tree cleanups: removed lots of obsolete files
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Thawte SXNet, certificate policies and CRL distribution points
395c95214142142854509945adf3293c0270e1c5Tinderbox User extension support
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Preliminary (experimental) S/MIME support
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Support for ASN.1 UTF8String and VisibleString
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Full integration of PKCS#12 code
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Sparc assembler bignum implementation, optimized hash functions
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt o Option to disable selected ciphers
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Fixed a security hole related to session resumption
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Fixed RSA encryption routines for the p < q case
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o "ALL" in cipher lists now means "everything except NULL ciphers"
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Support for Triple-DES CBCM cipher
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
1ca759b3f5c0672b2a66bc02288fe010cabbfe37Tinderbox User o First support for new TLSv1 ciphers
1ca759b3f5c0672b2a66bc02288fe010cabbfe37Tinderbox User o Added a few new BIOs (syslog BIO, reliable BIO)
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Extended support for DSA certificate/keys.
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Extended support for Certificate Signing Requests (CSR)
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Initial support for X.509v3 extensions
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Extended support for compression inside the SSL record layer
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Overhauled Win32 builds
1700442a7751c2bbdafe2d039cebbd8316496957Tinderbox User o Cleanups and fixes to the Big Number (BN) library
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Support for ASN.1 GeneralizedTime
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Splitted ASN.1 SETs from SEQUENCEs
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User o ASN1 and PEM support for Netscape Certificate Sequences
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Overhauled Perl interface
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Lots of source tree cleanups.
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Lots of memory leak fixes.
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User o Lots of bug fixes.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Integration of the popular NO_RSA/NO_DSA patches
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Initial support for compression inside the SSL record layer
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Added BIO proxy and filtering functionality
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Extended Big Number (BN) library
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Added RIPE MD160 message digest
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Addeed support for RC2/64bit cipher
395c95214142142854509945adf3293c0270e1c5Tinderbox User o Extended ASN.1 parser routines
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Adjustations of the source tree for CVS
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User o Support for various new platforms