1 | |
---|
2 | NEWS |
---|
3 | ==== |
---|
4 | |
---|
5 | This file gives a brief overview of the major changes between each OpenSSL |
---|
6 | release. For more details please read the CHANGES file. |
---|
7 | |
---|
8 | Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: |
---|
9 | |
---|
10 | o Some documentation for BIO and SSL libraries. |
---|
11 | o Enhanced chain verification using key identifiers. |
---|
12 | o New sign and verify options to 'dgst' application. |
---|
13 | o Support for DER and PEM encoded messages in 'smime' application. |
---|
14 | o New 'rsautl' application, low level RSA utility. |
---|
15 | o MD4 now included. |
---|
16 | o Bugfix for SSL rollback padding check. |
---|
17 | o Support for external crypto devices [1]. |
---|
18 | o Enhanced EVP interface. |
---|
19 | |
---|
20 | [1] The support for external crypto devices is currently a separate |
---|
21 | distribution. See the file README.ENGINE. |
---|
22 | |
---|
23 | Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: |
---|
24 | |
---|
25 | o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 |
---|
26 | o Shared library support for HPUX and Solaris-gcc |
---|
27 | o Support of Linux/IA64 |
---|
28 | o Assembler support for Mingw32 |
---|
29 | o New 'rand' application |
---|
30 | o New way to check for existence of algorithms from scripts |
---|
31 | |
---|
32 | Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: |
---|
33 | |
---|
34 | o S/MIME support in new 'smime' command |
---|
35 | o Documentation for the OpenSSL command line application |
---|
36 | o Automation of 'req' application |
---|
37 | o Fixes to make s_client, s_server work under Windows |
---|
38 | o Support for multiple fieldnames in SPKACs |
---|
39 | o New SPKAC command line utilty and associated library functions |
---|
40 | o Options to allow passwords to be obtained from various sources |
---|
41 | o New public key PEM format and options to handle it |
---|
42 | o Many other fixes and enhancements to command line utilities |
---|
43 | o Usable certificate chain verification |
---|
44 | o Certificate purpose checking |
---|
45 | o Certificate trust settings |
---|
46 | o Support of authority information access extension |
---|
47 | o Extensions in certificate requests |
---|
48 | o Simplified X509 name and attribute routines |
---|
49 | o Initial (incomplete) support for international character sets |
---|
50 | o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD |
---|
51 | o Read only memory BIOs and simplified creation function |
---|
52 | o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 |
---|
53 | record; allow fragmentation and interleaving of handshake and other |
---|
54 | data |
---|
55 | o TLS/SSL code now "tolerates" MS SGC |
---|
56 | o Work around for Netscape client certificate hang bug |
---|
57 | o RSA_NULL option that removes RSA patent code but keeps other |
---|
58 | RSA functionality |
---|
59 | o Memory leak detection now allows applications to add extra information |
---|
60 | via a per-thread stack |
---|
61 | o PRNG robustness improved |
---|
62 | o EGD support |
---|
63 | o BIGNUM library bug fixes |
---|
64 | o Faster DSA parameter generation |
---|
65 | o Enhanced support for Alpha Linux |
---|
66 | o Experimental MacOS support |
---|
67 | |
---|
68 | Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: |
---|
69 | |
---|
70 | o Transparent support for PKCS#8 format private keys: these are used |
---|
71 | by several software packages and are more secure than the standard |
---|
72 | form |
---|
73 | o PKCS#5 v2.0 implementation |
---|
74 | o Password callbacks have a new void * argument for application data |
---|
75 | o Avoid various memory leaks |
---|
76 | o New pipe-like BIO that allows using the SSL library when actual I/O |
---|
77 | must be handled by the application (BIO pair) |
---|
78 | |
---|
79 | Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: |
---|
80 | o Lots of enhancements and cleanups to the Configuration mechanism |
---|
81 | o RSA OEAP related fixes |
---|
82 | o Added `openssl ca -revoke' option for revoking a certificate |
---|
83 | o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs |
---|
84 | o Source tree cleanups: removed lots of obsolete files |
---|
85 | o Thawte SXNet, certificate policies and CRL distribution points |
---|
86 | extension support |
---|
87 | o Preliminary (experimental) S/MIME support |
---|
88 | o Support for ASN.1 UTF8String and VisibleString |
---|
89 | o Full integration of PKCS#12 code |
---|
90 | o Sparc assembler bignum implementation, optimized hash functions |
---|
91 | o Option to disable selected ciphers |
---|
92 | |
---|
93 | Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: |
---|
94 | o Fixed a security hole related to session resumption |
---|
95 | o Fixed RSA encryption routines for the p < q case |
---|
96 | o "ALL" in cipher lists now means "everything except NULL ciphers" |
---|
97 | o Support for Triple-DES CBCM cipher |
---|
98 | o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA |
---|
99 | o First support for new TLSv1 ciphers |
---|
100 | o Added a few new BIOs (syslog BIO, reliable BIO) |
---|
101 | o Extended support for DSA certificate/keys. |
---|
102 | o Extended support for Certificate Signing Requests (CSR) |
---|
103 | o Initial support for X.509v3 extensions |
---|
104 | o Extended support for compression inside the SSL record layer |
---|
105 | o Overhauled Win32 builds |
---|
106 | o Cleanups and fixes to the Big Number (BN) library |
---|
107 | o Support for ASN.1 GeneralizedTime |
---|
108 | o Splitted ASN.1 SETs from SEQUENCEs |
---|
109 | o ASN1 and PEM support for Netscape Certificate Sequences |
---|
110 | o Overhauled Perl interface |
---|
111 | o Lots of source tree cleanups. |
---|
112 | o Lots of memory leak fixes. |
---|
113 | o Lots of bug fixes. |
---|
114 | |
---|
115 | Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: |
---|
116 | o Integration of the popular NO_RSA/NO_DSA patches |
---|
117 | o Initial support for compression inside the SSL record layer |
---|
118 | o Added BIO proxy and filtering functionality |
---|
119 | o Extended Big Number (BN) library |
---|
120 | o Added RIPE MD160 message digest |
---|
121 | o Addeed support for RC2/64bit cipher |
---|
122 | o Extended ASN.1 parser routines |
---|
123 | o Adjustations of the source tree for CVS |
---|
124 | o Support for various new platforms |
---|
125 | |
---|