[thirdparty/openssl.git] / NEWS


  NEWS
  ====

  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

      o S/MIME support in new 'smime' command
      o Documentation for the OpenSSL command line application
      o Automation of 'req' application
      o Fixes to make s_client, s_server work under Windows
      o Support for multiple fieldnames in SPKACs
      o New SPKAC command line utilty and associated library functions
      o Options to allow passwords to be obtained from various sources
      o New public key PEM format and options to handle it
      o Many other fixes and enhancements to command line utilities
      o Usable certificate chain verification
      o Certificate purpose checking
      o Certificate trust settings
      o Support of authority information access extension
      o Extensions in certificate requests
      o Simplified X509 name and attribute routines
      o Initial (incomplete) support for international character sets
      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
      o Read only memory BIOs and simplified creation function
      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
        record; allow fragmentation and interleaving of handshake and other
        data
      o TLS/SSL code now "tolerates" MS SGC
      o Work around for Netscape client certificate hang bug
      o RSA_NULL option that removes RSA patent code but keeps other
        RSA functionality
      o Memory leak detection now allows applications to add extra information
        via a per-thread stack
      o PRNG robustness improved
      o BIGNUM library bug fixes
      o faster DSA parameter generation
      o Enhanced support for Alpha Linux
      o Experimental MacOS support

  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

      o Transparent support for PKCS#8 format private keys: these are used
        by several software packages and are more secure than the standard
        form
      o PKCS#5 v2.0 implementation
      o Password callbacks have a new void * argument for application data
      o Avoid various memory leaks
      o New pipe-like BIO that allows using the SSL library when actual I/O
        must be handled by the application (BIO pair)

  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
      o Lots of enhancements and cleanups to the Configuration mechanism
      o RSA OEAP related fixes
      o Added `openssl ca -revoke' option for revoking a certificate
      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
      o Source tree cleanups: removed lots of obsolete files
      o Thawte SXNet, certificate policies and CRL distribution points
        extension support
      o Preliminary (experimental) S/MIME support
      o Support for ASN.1 UTF8String and VisibleString
      o Full integration of PKCS#12 code
      o Sparc assembler bignum implementation, optimized hash functions
      o Option to disable selected ciphers

  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
      o Fixed a security hole related to session resumption
      o Fixed RSA encryption routines for the p < q case
      o "ALL" in cipher lists now means "everything except NULL ciphers"
      o Support for Triple-DES CBCM cipher
      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
      o First support for new TLSv1 ciphers
      o Added a few new BIOs (syslog BIO, reliable BIO)
      o Extended support for DSA certificate/keys.
      o Extended support for Certificate Signing Requests (CSR)
      o Initial support for X.509v3 extensions
      o Extended support for compression inside the SSL record layer
      o Overhauled Win32 builds
      o Cleanups and fixes to the Big Number (BN) library
      o Support for ASN.1 GeneralizedTime
      o Splitted ASN.1 SETs from SEQUENCEs
      o ASN1 and PEM support for Netscape Certificate Sequences
      o Overhauled Perl interface
      o Lots of source tree cleanups.
      o Lots of memory leak fixes.
      o Lots of bug fixes.

  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
      o Integration of the popular NO_RSA/NO_DSA patches
      o Initial support for compression inside the SSL record layer
      o Added BIO proxy and filtering functionality
      o Extended Big Number (BN) library
      o Added RIPE MD160 message digest
      o Addeed support for RC2/64bit cipher
      o Extended ASN.1 parser routines
      o Adjustations of the source tree for CVS
      o Support for various new platforms
Commit	Line	Data
3b52c2e7 RE	1
	2	NEWS
	3	====
	4
	5	This file gives a brief overview of the major changes between each OpenSSL
	6	release. For more details please read the CHANGES file.
	7
0c235249 UM	8	Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
0c235249 UM	9
90644dd7	10	o S/MIME support in new 'smime' command
0c235249	11	o Documentation for the OpenSSL command line application
90644dd7 DSH	12	o Automation of 'req' application
	13	o Fixes to make s_client, s_server work under Windows
	14	o Support for multiple fieldnames in SPKACs
	15	o New SPKAC command line utilty and associated library functions
ae1bb4e5	16	o Options to allow passwords to be obtained from various sources
90644dd7 DSH	17	o New public key PEM format and options to handle it
	18	o Many other fixes and enhancements to command line utilities
	19	o Usable certificate chain verification
	20	o Certificate purpose checking
	21	o Certificate trust settings
	22	o Support of authority information access extension
	23	o Extensions in certificate requests
	24	o Simplified X509 name and attribute routines
ae1bb4e5	25	o Initial (incomplete) support for international character sets
90644dd7 DSH	26	o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
90644dd7 DSH	27	o Read only memory BIOs and simplified creation function
8bd5b794 BM	28	o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
	29	record; allow fragmentation and interleaving of handshake and other
	30	data
90644dd7	31	o TLS/SSL code now "tolerates" MS SGC
8bd5b794	32	o Work around for Netscape client certificate hang bug
90644dd7 DSH	33	o RSA_NULL option that removes RSA patent code but keeps other
90644dd7 DSH	34	RSA functionality
07e6dbde BM	35	o Memory leak detection now allows applications to add extra information
	36	via a per-thread stack
	37	o PRNG robustness improved
6d9ca500	38	o BIGNUM library bug fixes
8bd5b794	39	o faster DSA parameter generation
74235cc9 UM	40	o Enhanced support for Alpha Linux
74235cc9 UM	41	o Experimental MacOS support
0c235249	42
ed7f60fb DSH	43	Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
	44
	45	o Transparent support for PKCS#8 format private keys: these are used
c97cbcb3 BM	46	by several software packages and are more secure than the standard
	47	form
	48	o PKCS#5 v2.0 implementation
	49	o Password callbacks have a new void * argument for application data
	50	o Avoid various memory leaks
	51	o New pipe-like BIO that allows using the SSL library when actual I/O
	52	must be handled by the application (BIO pair)
ed7f60fb	53
8e8a8a5f	54	Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
9de649ff UM	55	o Lots of enhancements and cleanups to the Configuration mechanism
9de649ff UM	56	o RSA OEAP related fixes
8e8a8a5f RE	57	o Added `openssl ca -revoke' option for revoking a certificate
	58	o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
	59	o Source tree cleanups: removed lots of obsolete files
703126f0	60	o Thawte SXNet, certificate policies and CRL distribution points
a03dd7a6	61	extension support
703126f0 DSH	62	o Preliminary (experimental) S/MIME support
	63	o Support for ASN.1 UTF8String and VisibleString
	64	o Full integration of PKCS#12 code
2cf9fcda	65	o Sparc assembler bignum implementation, optimized hash functions
b0759f87	66	o Option to disable selected ciphers
8e8a8a5f	67
d343d272	68	Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
738769ff RE	69	o Fixed a security hole related to session resumption
	70	o Fixed RSA encryption routines for the p < q case
	71	o "ALL" in cipher lists now means "everything except NULL ciphers"
3b52c2e7 RE	72	o Support for Triple-DES CBCM cipher
	73	o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
	74	o First support for new TLSv1 ciphers
	75	o Added a few new BIOs (syslog BIO, reliable BIO)
	76	o Extended support for DSA certificate/keys.
03e20a1a	77	o Extended support for Certificate Signing Requests (CSR)
3b52c2e7 RE	78	o Initial support for X.509v3 extensions
	79	o Extended support for compression inside the SSL record layer
	80	o Overhauled Win32 builds
	81	o Cleanups and fixes to the Big Number (BN) library
	82	o Support for ASN.1 GeneralizedTime
	83	o Splitted ASN.1 SETs from SEQUENCEs
	84	o ASN1 and PEM support for Netscape Certificate Sequences
	85	o Overhauled Perl interface
	86	o Lots of source tree cleanups.
	87	o Lots of memory leak fixes.
	88	o Lots of bug fixes.
	89
	90	Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
	91	o Integration of the popular NO_RSA/NO_DSA patches
	92	o Initial support for compression inside the SSL record layer
	93	o Added BIO proxy and filtering functionality
	94	o Extended Big Number (BN) library
	95	o Added RIPE MD160 message digest
	96	o Addeed support for RC2/64bit cipher
	97	o Extended ASN.1 parser routines
	98	o Adjustations of the source tree for CVS
	99	o Support for various new platforms
	100