[thirdparty/openssl.git] / NEWS


  NEWS
  ====

  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

      o S/MIME support in new 'smime' command
      o Documentation for the OpenSSL command line application
      o Automation of 'req' application
      o Fixes to make s_client, s_server work under Windows
      o Support for multiple fieldnames in SPKACs
      o New SPKAC command line utilty and associated library functions
      o Options to allow passwords to be passed on command line or environment
      o New public key PEM format and options to handle it
      o Many other fixes and enhancements to command line utilities
      o Usable certificate chain verification
      o Certificate purpose checking
      o Certificate trust settings
      o Support of authority information access extension
      o Extensions in certificate requests
      o Simplified X509 name and attribute routines
      o Initial incomplete support for international character sets
      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
      o Read only memory BIOs and simplified creation function
      o TLS/SSL code now "tolerates" MS SGC
      o RSA_NULL option that removes RSA patent code but keeps other
        RSA functionality
      o Memory leak detection now allows applications to add extra information
        via a per-thread stack
      o PRNG robustness improved
      o Enhanced support for Alpha Linux
      o Experimental MacOS support

  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

      o Transparent support for PKCS#8 format private keys: these are used
        by several software packages and are more secure than the standard
        form
      o PKCS#5 v2.0 implementation
      o Password callbacks have a new void * argument for application data
      o Avoid various memory leaks
      o New pipe-like BIO that allows using the SSL library when actual I/O
        must be handled by the application (BIO pair)

  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
      o Lots of enhancements and cleanups to the Configuration mechanism
      o RSA OEAP related fixes
      o Added `openssl ca -revoke' option for revoking a certificate
      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
      o Source tree cleanups: removed lots of obsolete files
      o Thawte SXNet, certificate policies and CRL distribution points
        extension support
      o Preliminary (experimental) S/MIME support
      o Support for ASN.1 UTF8String and VisibleString
      o Full integration of PKCS#12 code
      o Sparc assembler bignum implementation, optimized hash functions
      o Option to disable selected ciphers

  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
      o Fixed a security hole related to session resumption
      o Fixed RSA encryption routines for the p < q case
      o "ALL" in cipher lists now means "everything except NULL ciphers"
      o Support for Triple-DES CBCM cipher
      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
      o First support for new TLSv1 ciphers
      o Added a few new BIOs (syslog BIO, reliable BIO)
      o Extended support for DSA certificate/keys.
      o Extended support for Certificate Signing Requests (CSR)
      o Initial support for X.509v3 extensions
      o Extended support for compression inside the SSL record layer
      o Overhauled Win32 builds
      o Cleanups and fixes to the Big Number (BN) library
      o Support for ASN.1 GeneralizedTime
      o Splitted ASN.1 SETs from SEQUENCEs
      o ASN1 and PEM support for Netscape Certificate Sequences
      o Overhauled Perl interface
      o Lots of source tree cleanups.
      o Lots of memory leak fixes.
      o Lots of bug fixes.

  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
      o Integration of the popular NO_RSA/NO_DSA patches
      o Initial support for compression inside the SSL record layer
      o Added BIO proxy and filtering functionality
      o Extended Big Number (BN) library
      o Added RIPE MD160 message digest
      o Addeed support for RC2/64bit cipher
      o Extended ASN.1 parser routines
      o Adjustations of the source tree for CVS
      o Support for various new platforms
Commit	Line	Data
3b52c2e7 RE	1
	2	NEWS
	3	====
	4
	5	This file gives a brief overview of the major changes between each OpenSSL
	6	release. For more details please read the CHANGES file.
	7
0c235249 UM	8	Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
0c235249 UM	9
90644dd7	10	o S/MIME support in new 'smime' command
0c235249	11	o Documentation for the OpenSSL command line application
90644dd7 DSH	12	o Automation of 'req' application
	13	o Fixes to make s_client, s_server work under Windows
	14	o Support for multiple fieldnames in SPKACs
	15	o New SPKAC command line utilty and associated library functions
	16	o Options to allow passwords to be passed on command line or environment
	17	o New public key PEM format and options to handle it
	18	o Many other fixes and enhancements to command line utilities
	19	o Usable certificate chain verification
	20	o Certificate purpose checking
	21	o Certificate trust settings
	22	o Support of authority information access extension
	23	o Extensions in certificate requests
	24	o Simplified X509 name and attribute routines
	25	o Initial incomplete support for international character sets
	26	o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
	27	o Read only memory BIOs and simplified creation function
	28	o TLS/SSL code now "tolerates" MS SGC
	29	o RSA_NULL option that removes RSA patent code but keeps other
	30	RSA functionality
07e6dbde BM	31	o Memory leak detection now allows applications to add extra information
	32	via a per-thread stack
	33	o PRNG robustness improved
74235cc9 UM	34	o Enhanced support for Alpha Linux
74235cc9 UM	35	o Experimental MacOS support
0c235249	36
ed7f60fb DSH	37	Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
	38
	39	o Transparent support for PKCS#8 format private keys: these are used
c97cbcb3 BM	40	by several software packages and are more secure than the standard
	41	form
	42	o PKCS#5 v2.0 implementation
	43	o Password callbacks have a new void * argument for application data
	44	o Avoid various memory leaks
	45	o New pipe-like BIO that allows using the SSL library when actual I/O
	46	must be handled by the application (BIO pair)
ed7f60fb	47
8e8a8a5f	48	Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
9de649ff UM	49	o Lots of enhancements and cleanups to the Configuration mechanism
9de649ff UM	50	o RSA OEAP related fixes
8e8a8a5f RE	51	o Added `openssl ca -revoke' option for revoking a certificate
	52	o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
	53	o Source tree cleanups: removed lots of obsolete files
703126f0	54	o Thawte SXNet, certificate policies and CRL distribution points
a03dd7a6	55	extension support
703126f0 DSH	56	o Preliminary (experimental) S/MIME support
	57	o Support for ASN.1 UTF8String and VisibleString
	58	o Full integration of PKCS#12 code
2cf9fcda	59	o Sparc assembler bignum implementation, optimized hash functions
b0759f87	60	o Option to disable selected ciphers
8e8a8a5f	61
d343d272	62	Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
738769ff RE	63	o Fixed a security hole related to session resumption
	64	o Fixed RSA encryption routines for the p < q case
	65	o "ALL" in cipher lists now means "everything except NULL ciphers"
3b52c2e7 RE	66	o Support for Triple-DES CBCM cipher
	67	o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
	68	o First support for new TLSv1 ciphers
	69	o Added a few new BIOs (syslog BIO, reliable BIO)
	70	o Extended support for DSA certificate/keys.
03e20a1a	71	o Extended support for Certificate Signing Requests (CSR)
3b52c2e7 RE	72	o Initial support for X.509v3 extensions
	73	o Extended support for compression inside the SSL record layer
	74	o Overhauled Win32 builds
	75	o Cleanups and fixes to the Big Number (BN) library
	76	o Support for ASN.1 GeneralizedTime
	77	o Splitted ASN.1 SETs from SEQUENCEs
	78	o ASN1 and PEM support for Netscape Certificate Sequences
	79	o Overhauled Perl interface
	80	o Lots of source tree cleanups.
	81	o Lots of memory leak fixes.
	82	o Lots of bug fixes.
	83
	84	Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
	85	o Integration of the popular NO_RSA/NO_DSA patches
	86	o Initial support for compression inside the SSL record layer
	87	o Added BIO proxy and filtering functionality
	88	o Extended Big Number (BN) library
	89	o Added RIPE MD160 message digest
	90	o Addeed support for RC2/64bit cipher
	91	o Extended ASN.1 parser routines
	92	o Adjustations of the source tree for CVS
	93	o Support for various new platforms
	94