]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
cd77b3e8 | 5 | Changes between 1.0.0d and 1.0.1 [xx XXX xxxx] |
9472baae | 6 | |
b81fde02 DSH |
7 | *) Add TLS v1.2 server support for client authentication. |
8 | [Steve Henson] | |
9 | ||
7043fa70 DSH |
10 | *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers |
11 | and enable MD5. | |
12 | [Steve Henson] | |
13 | ||
f98d2e5c DSH |
14 | *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying |
15 | FIPS modules versions. | |
16 | [Steve Henson] | |
17 | ||
4fe4c00e DSH |
18 | *) Add TLS v1.2 client side support for client authentication. Keep cache |
19 | of handshake records longer as we don't know the hash algorithm to use | |
20 | until after the certificate request message is received. | |
21 | [Steve Henson] | |
22 | ||
9472baae DSH |
23 | *) Initial TLS v1.2 client support. Add a default signature algorithms |
24 | extension including all the algorithms we support. Parse new signature | |
25 | format in client key exchange. Relax some ECC signing restrictions for | |
26 | TLS v1.2 as indicated in RFC5246. | |
27 | [Steve Henson] | |
28 | ||
29 | *) Add server support for TLS v1.2 signature algorithms extension. Switch | |
30 | to new signature format when needed using client digest preference. | |
31 | All server ciphersuites should now work correctly in TLS v1.2. No client | |
32 | support yet and no support for client certificates. | |
33 | [Steve Henson] | |
34 | ||
35 | *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch | |
36 | to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based | |
37 | ciphersuites. At present only RSA key exchange ciphersuites work with | |
38 | TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete | |
39 | SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods | |
40 | and version checking. | |
41 | [Steve Henson] | |
74096890 DSH |
42 | |
43 | *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled | |
44 | with this defined it will not be affected by any changes to ssl internal | |
45 | structures. Add several utility functions to allow openssl application | |
46 | to work with OPENSSL_NO_SSL_INTERN defined. | |
47 | [Steve Henson] | |
c549810d | 48 | |
a149b246 BL |
49 | *) Add SRP support. |
50 | [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] | |
51 | ||
a618011c DSH |
52 | *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. |
53 | [Steve Henson] | |
54 | ||
48ce525d BM |
55 | *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for |
56 | elliptic curve NIST-P224 with constant-time single point multiplication on | |
57 | typical inputs. EC_GROUP_new_by_curve_name() will automatically use this | |
58 | (while EC_GROUP_new_curve_GFp() currently won't and prefers the more | |
59 | flexible implementations). | |
60 | ||
61 | The implementation requires support for the nonstandard type __uint128_t, | |
62 | and so is disabled by default. To include this in your build of OpenSSL, | |
63 | use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line, | |
64 | and run "make depend" (or "make update"). | |
65 |