]>
Commit | Line | Data |
---|---|---|
3b52c2e7 RE |
1 | |
2 | NEWS | |
3 | ==== | |
4 | ||
5 | This file gives a brief overview of the major changes between each OpenSSL | |
6 | release. For more details please read the CHANGES file. | |
7 | ||
0c235249 UM |
8 | Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: |
9 | ||
90644dd7 | 10 | o S/MIME support in new 'smime' command |
0c235249 | 11 | o Documentation for the OpenSSL command line application |
90644dd7 DSH |
12 | o Automation of 'req' application |
13 | o Fixes to make s_client, s_server work under Windows | |
14 | o Support for multiple fieldnames in SPKACs | |
15 | o New SPKAC command line utilty and associated library functions | |
ae1bb4e5 | 16 | o Options to allow passwords to be obtained from various sources |
90644dd7 DSH |
17 | o New public key PEM format and options to handle it |
18 | o Many other fixes and enhancements to command line utilities | |
19 | o Usable certificate chain verification | |
20 | o Certificate purpose checking | |
21 | o Certificate trust settings | |
22 | o Support of authority information access extension | |
23 | o Extensions in certificate requests | |
24 | o Simplified X509 name and attribute routines | |
ae1bb4e5 | 25 | o Initial (incomplete) support for international character sets |
90644dd7 DSH |
26 | o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD |
27 | o Read only memory BIOs and simplified creation function | |
8bd5b794 BM |
28 | o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 |
29 | record; allow fragmentation and interleaving of handshake and other | |
30 | data | |
90644dd7 | 31 | o TLS/SSL code now "tolerates" MS SGC |
8bd5b794 | 32 | o Work around for Netscape client certificate hang bug |
90644dd7 DSH |
33 | o RSA_NULL option that removes RSA patent code but keeps other |
34 | RSA functionality | |
07e6dbde BM |
35 | o Memory leak detection now allows applications to add extra information |
36 | via a per-thread stack | |
37 | o PRNG robustness improved | |
4d524e10 | 38 | o EGD support |
6d9ca500 | 39 | o BIGNUM library bug fixes |
4d524e10 | 40 | o Faster DSA parameter generation |
74235cc9 UM |
41 | o Enhanced support for Alpha Linux |
42 | o Experimental MacOS support | |
0c235249 | 43 | |
ed7f60fb DSH |
44 | Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: |
45 | ||
46 | o Transparent support for PKCS#8 format private keys: these are used | |
c97cbcb3 BM |
47 | by several software packages and are more secure than the standard |
48 | form | |
49 | o PKCS#5 v2.0 implementation | |
50 | o Password callbacks have a new void * argument for application data | |
51 | o Avoid various memory leaks | |
52 | o New pipe-like BIO that allows using the SSL library when actual I/O | |
53 | must be handled by the application (BIO pair) | |
ed7f60fb | 54 | |
8e8a8a5f | 55 | Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: |
9de649ff UM |
56 | o Lots of enhancements and cleanups to the Configuration mechanism |
57 | o RSA OEAP related fixes | |
8e8a8a5f RE |
58 | o Added `openssl ca -revoke' option for revoking a certificate |
59 | o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs | |
60 | o Source tree cleanups: removed lots of obsolete files | |
703126f0 | 61 | o Thawte SXNet, certificate policies and CRL distribution points |
a03dd7a6 | 62 | extension support |
703126f0 DSH |
63 | o Preliminary (experimental) S/MIME support |
64 | o Support for ASN.1 UTF8String and VisibleString | |
65 | o Full integration of PKCS#12 code | |
2cf9fcda | 66 | o Sparc assembler bignum implementation, optimized hash functions |
b0759f87 | 67 | o Option to disable selected ciphers |
8e8a8a5f | 68 | |
d343d272 | 69 | Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: |
738769ff RE |
70 | o Fixed a security hole related to session resumption |
71 | o Fixed RSA encryption routines for the p < q case | |
72 | o "ALL" in cipher lists now means "everything except NULL ciphers" | |
3b52c2e7 RE |
73 | o Support for Triple-DES CBCM cipher |
74 | o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA | |
75 | o First support for new TLSv1 ciphers | |
76 | o Added a few new BIOs (syslog BIO, reliable BIO) | |
77 | o Extended support for DSA certificate/keys. | |
03e20a1a | 78 | o Extended support for Certificate Signing Requests (CSR) |
3b52c2e7 RE |
79 | o Initial support for X.509v3 extensions |
80 | o Extended support for compression inside the SSL record layer | |
81 | o Overhauled Win32 builds | |
82 | o Cleanups and fixes to the Big Number (BN) library | |
83 | o Support for ASN.1 GeneralizedTime | |
84 | o Splitted ASN.1 SETs from SEQUENCEs | |
85 | o ASN1 and PEM support for Netscape Certificate Sequences | |
86 | o Overhauled Perl interface | |
87 | o Lots of source tree cleanups. | |
88 | o Lots of memory leak fixes. | |
89 | o Lots of bug fixes. | |
90 | ||
91 | Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: | |
92 | o Integration of the popular NO_RSA/NO_DSA patches | |
93 | o Initial support for compression inside the SSL record layer | |
94 | o Added BIO proxy and filtering functionality | |
95 | o Extended Big Number (BN) library | |
96 | o Added RIPE MD160 message digest | |
97 | o Addeed support for RC2/64bit cipher | |
98 | o Extended ASN.1 parser routines | |
99 | o Adjustations of the source tree for CVS | |
100 | o Support for various new platforms | |
101 |