]>
Commit | Line | Data |
---|---|---|
5f8e6c50 DMSP |
1 | NEWS |
2 | ==== | |
3 | ||
4 | This file gives a brief overview of the major changes between each OpenSSL | |
5 | release. For more details please read the CHANGES file. | |
6 | ||
4477beac DMSP |
7 | OpenSSL Releases |
8 | ---------------- | |
9 | ||
186b3f6a | 10 | - [OpenSSL 3.3](#openssl-33) |
45ada6b9 | 11 | - [OpenSSL 3.2](#openssl-32) |
3c53032a | 12 | - [OpenSSL 3.1](#openssl-31) |
4477beac DMSP |
13 | - [OpenSSL 3.0](#openssl-30) |
14 | - [OpenSSL 1.1.1](#openssl-111) | |
15 | - [OpenSSL 1.1.0](#openssl-110) | |
16 | - [OpenSSL 1.0.2](#openssl-102) | |
17 | - [OpenSSL 1.0.1](#openssl-101) | |
18 | - [OpenSSL 1.0.0](#openssl-100) | |
19 | - [OpenSSL 0.9.x](#openssl-09x) | |
20 | ||
eb33768e TM |
21 | OpenSSL 3.4 |
22 | ----------- | |
23 | ||
24 | ### Major changes between OpenSSL 3.3 and OpenSSL 3.4 [under development] | |
25 | ||
26 | OpenSSL 3.4.0 is a feature release adding significant new functionality to | |
27 | OpenSSL. | |
28 | ||
29 | This release is in development. | |
30 | ||
186b3f6a RL |
31 | OpenSSL 3.3 |
32 | ----------- | |
33 | ||
34 | ### Major changes between OpenSSL 3.2 and OpenSSL 3.3 [under development] | |
35 | ||
eb33768e TM |
36 | OpenSSL 3.3.0 is a feature release adding significant new functionality to |
37 | OpenSSL. | |
38 | ||
39 | This release adds the following new features: | |
40 | ||
41 | * Support for qlog for tracing QUIC connections has been added | |
42 | ||
43 | * Added APIs to allow configuring the negotiated idle timeout for QUIC | |
44 | connections, and to allow determining the number of additional streams | |
45 | that can currently be created for a QUIC connection. | |
46 | ||
47 | * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL | |
48 | objects | |
49 | ||
50 | * Added APIs to allow querying the size and utilisation of a QUIC stream's | |
51 | write buffer | |
52 | ||
53 | * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN) | |
54 | condition in an optimised way when using QUIC. | |
55 | ||
56 | * Limited support for polling of QUIC connection and stream objects in a | |
57 | non-blocking manner. | |
58 | ||
59 | * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple | |
60 | times with different output sizes. | |
61 | ||
10264b53 RL |
62 | * Added exporter for CMake on Unix and Windows, alongside the pkg-config |
63 | exporter. | |
186b3f6a | 64 | |
eb33768e TM |
65 | * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable |
66 | output length. | |
67 | ||
68 | * The EVP_PKEY_fromdata function has been augmented to allow for the | |
69 | derivation of CRT (Chinese Remainder Theorem) parameters when requested | |
70 | ||
71 | * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex() | |
72 | using time_t which is Y2038 safe on 32 bit systems when 64 bit time | |
73 | is enabled | |
74 | ||
75 | * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms | |
76 | config options and the respective calls to SSL[_CTX]_set1_sigalgs() and | |
77 | SSL[_CTX]_set1_client_sigalgs() that start with `?` character are | |
78 | ignored and the configuration will still be used. | |
79 | ||
80 | * Added `-set_issuer` and `-set_subject` options to `openssl x509` to | |
81 | override the Issuer and Subject when creating a certificate. The `-subj` | |
82 | option now is an alias for `-set_subject`. | |
83 | ||
84 | * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483 | |
85 | ||
86 | * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3 | |
87 | server to prefer session resumption using PSK-only key exchange over PSK | |
88 | with DHE, if both are available. | |
89 | ||
90 | * New atexit configuration switch, which controls whether the OPENSSL_cleanup | |
91 | is registered when libcrypto is unloaded. | |
92 | ||
93 | * Added X509_STORE_get1_objects to avoid issues with the existing | |
94 | X509_STORE_get0_objects API in multi-threaded applications. | |
95 | ||
96 | This release incorporates the following potentially significant or incompatible | |
97 | changes: | |
98 | ||
99 | * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 | |
100 | ||
101 | * Optimized AES-CTR for ARM Neoverse V1 and V2 | |
102 | ||
103 | * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems | |
104 | similar to M1/M2. | |
105 | ||
106 | * Various optimizations for cryptographic routines using RISC-V vector crypto | |
107 | extensions | |
108 | ||
109 | * Added assembly implementation for md5 on loongarch64 | |
110 | ||
111 | * Accept longer context for TLS 1.2 exporters | |
112 | ||
113 | * The activate and soft_load configuration settings for providers in | |
114 | openssl.cnf have been updated to require a value of [1|yes|true|on] | |
115 | (in lower or UPPER case) to enable the setting. Conversely a value | |
116 | of [0|no|false|off] will disable the setting. | |
117 | ||
118 | * In `openssl speed`, changed the default hash function used with `hmac` from | |
119 | `md5` to `sha256`. | |
120 | ||
121 | * The `-verify` option to the `openssl crl` and `openssl req` will make the | |
122 | program exit with 1 on failure. | |
123 | ||
124 | * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and | |
125 | related functions have been augmented to check for a minimum length of | |
126 | the input string, in accordance with ITU-T X.690 section 11.7 and 11.8. | |
127 | ||
128 | * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1 | |
129 | if called with a NULL stack argument. | |
130 | ||
131 | * New limit on HTTP response headers is introduced to HTTP client. The | |
132 | default limit is set to 256 header lines. | |
133 | ||
134 | This release incorporates the following bug fixes and mitigations: | |
135 | ||
136 | * The BIO_get_new_index() function can only be called 127 times before it | |
137 | reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its | |
138 | exhausted. | |
139 | ||
140 | A more detailed list of changes in this release can be found in the | |
141 | [CHANGES.md] file. | |
142 | ||
143 | Users interested in using the new QUIC functionality are encouraged to read the | |
144 | [README file for QUIC][README-QUIC.md], which provides links to relevant | |
145 | documentation and example code. | |
146 | ||
147 | As always, bug reports and issues relating to OpenSSL can be [filed on our issue | |
148 | tracker][issue tracker]. | |
149 | ||
45ada6b9 | 150 | OpenSSL 3.2 |
27272657 RL |
151 | ----------- |
152 | ||
03c4b0ea MC |
153 | ### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development] |
154 | ||
155 | OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this | |
156 | release is Low. | |
157 | ||
158 | This release incorporates the following bug fixes and mitigations: | |
159 | ||
160 | * Fixed unbounded memory growth with session handling in TLSv1.3 | |
161 | ([CVE-2024-2511]) | |
162 | ||
163 | ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024] | |
5dc2b72d | 164 | |
0873e6f6 MC |
165 | OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this |
166 | release is Low. | |
167 | ||
168 | This release incorporates the following bug fixes and mitigations: | |
38b2508f | 169 | |
0873e6f6 MC |
170 | * Fixed PKCS12 Decoding crashes |
171 | ([CVE-2024-0727]) | |
172 | * Fixed excessive time spent checking invalid RSA public keys | |
173 | ([CVE-2023-6237]) | |
38b2508f | 174 | * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC |
858c7bc2 TM |
175 | CPUs which support PowerISA 2.07 |
176 | ([CVE-2023-6129]) | |
5dc2b72d TM |
177 | |
178 | ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023] | |
27272657 | 179 | |
36eb3cfb HL |
180 | OpenSSL 3.2.0 is a feature release adding significant new functionality to |
181 | OpenSSL. | |
182 | ||
183 | This release incorporates the following potentially significant or incompatible | |
184 | changes: | |
185 | ||
7542bdbf | 186 | * The default SSL/TLS security level has been changed from 1 to 2. |
36eb3cfb | 187 | |
7542bdbf | 188 | * The `x509`, `ca`, and `req` apps now always produce X.509v3 certificates. |
36eb3cfb HL |
189 | |
190 | * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings | |
d8d19107 | 191 | by default. Also spaces surrounding `=` in DN output are removed. |
36eb3cfb HL |
192 | |
193 | This release adds the following new features: | |
194 | ||
195 | * Support for client side QUIC, including support for | |
196 | multiple streams (RFC 9000) | |
197 | ||
198 | * Support for Ed25519ctx, Ed25519ph and Ed448ph in addition | |
199 | to existing support for Ed25519 and Ed448 (RFC 8032) | |
200 | ||
201 | * Support for deterministic ECDSA signatures (RFC 6979) | |
202 | ||
203 | * Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452) | |
204 | ||
205 | * Support for the Argon2 KDF, along with supporting thread pool | |
206 | functionality (RFC 9106) | |
207 | ||
208 | * Support for Hybrid Public Key Encryption (HPKE) (RFC 9180) | |
209 | ||
210 | * Support for SM4-XTS | |
211 | ||
212 | * Support for Brainpool curves in TLS 1.3 | |
213 | ||
214 | * Support for TLS Raw Public Keys (RFC 7250) | |
215 | ||
216 | * Support for TCP Fast Open on Linux, macOS and FreeBSD, | |
217 | where enabled and supported (RFC 7413) | |
218 | ||
219 | * Support for TLS certificate compression, including library | |
220 | support for zlib, Brotli and zstd (RFC 8879) | |
221 | ||
222 | * Support for provider-based pluggable signature algorithms | |
223 | in TLS 1.3 with supporting CMS and X.509 functionality | |
224 | ||
225 | With a suitable provider this enables the use of post-quantum/quantum-safe | |
226 | cryptography. | |
227 | ||
228 | * Support for using the Windows system certificate store as a source of | |
229 | trusted root certificates | |
230 | ||
231 | This is not yet enabled by default and must be activated using an | |
232 | environment variable. This is likely to become enabled by default | |
233 | in a future feature release. | |
234 | ||
235 | * Support for using the IANA standard names in TLS ciphersuite configuration | |
236 | ||
237 | * Multiple new features and improvements to CMP protocol support | |
238 | ||
239 | The following known issues are present in this release and will be rectified | |
240 | in a future release: | |
241 | ||
242 | * Provider-based signature algorithms cannot be configured using the | |
243 | SignatureAlgorithms configuration file parameter (#22761) | |
244 | ||
245 | This release incorporates the following documentation enhancements: | |
246 | ||
247 | * Added multiple tutorials on the OpenSSL library and in particular | |
248 | on writing various clients (using TLS and QUIC protocols) with libssl | |
249 | ||
250 | See [OpenSSL Guide]. | |
251 | ||
afb19f07 MC |
252 | This release incorporates the following bug fixes and mitigations: |
253 | ||
254 | * Fixed excessive time spent in DH check / generation with large Q parameter | |
255 | value | |
256 | ([CVE-2023-5678]) | |
257 | ||
36eb3cfb HL |
258 | A more detailed list of changes in this release can be found in the |
259 | [CHANGES.md] file. | |
260 | ||
261 | Users interested in using the new QUIC functionality are encouraged to read the | |
262 | [README file for QUIC][README-QUIC.md], which provides links to relevant | |
263 | documentation and example code. | |
264 | ||
265 | As always, bug reports and issues relating to OpenSSL can be [filed on our issue | |
266 | tracker][issue tracker]. | |
3c53032a TM |
267 | |
268 | OpenSSL 3.1 | |
269 | ----------- | |
270 | ||
96ee2c38 | 271 | ### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023] |
1e6e682a P |
272 | |
273 | * Mitigate incorrect resize handling for symmetric cipher keys and IVs. | |
274 | ([CVE-2023-5363]) | |
275 | ||
276 | ### Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023] | |
02f84b02 | 277 | |
0be7510f TM |
278 | * Fix POLY1305 MAC implementation corrupting XMM registers on Windows |
279 | ([CVE-2023-4807]) | |
02f84b02 TM |
280 | |
281 | ### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023] | |
7a3d32ae | 282 | |
4b297628 | 283 | * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817]) |
4ec53ad6 | 284 | * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446]) |
1e398bec TM |
285 | * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975]) |
286 | * When building with the `enable-fips` option and using the resulting | |
287 | FIPS provider, TLS 1.2 will, by default, mandate the use of an | |
288 | extended master secret and the Hash and HMAC DRBGs will not operate | |
289 | with truncated digests. | |
7a3d32ae P |
290 | |
291 | ### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023] | |
986f9a67 | 292 | |
d63b3e79 RL |
293 | * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT |
294 | IDENTIFIER sub-identities. ([CVE-2023-2650]) | |
72dfe465 TM |
295 | * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms |
296 | ([CVE-2023-1255]) | |
5ab3f71a | 297 | * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466]) |
986f9a67 MC |
298 | * Fixed handling of invalid certificate policies in leaf certificates |
299 | ([CVE-2023-0465]) | |
300 | * Limited the number of nodes created in a policy tree ([CVE-2023-0464]) | |
301 | ||
302 | ### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023] | |
3c53032a | 303 | |
7bf2e4d7 | 304 | * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. |
3c53032a TM |
305 | * Performance enhancements and new platform support including new |
306 | assembler code algorithm implementations. | |
307 | * Deprecated LHASH statistics functions. | |
308 | * FIPS 140-3 compliance changes. | |
27272657 | 309 | |
4477beac DMSP |
310 | OpenSSL 3.0 |
311 | ----------- | |
312 | ||
5f14b5bc TM |
313 | ### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] |
314 | ||
315 | * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) | |
316 | * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286]) | |
317 | * Fixed NULL dereference validating DSA public key ([CVE-2023-0217]) | |
318 | * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216]) | |
319 | * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215]) | |
320 | * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450]) | |
321 | * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304]) | |
322 | * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203]) | |
323 | * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996]) | |
324 | ||
e0fbaf2a TM |
325 | ### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022] |
326 | ||
327 | * Added RIPEMD160 to the default provider. | |
328 | * Fixed regressions introduced in 3.0.6 version. | |
329 | * Fixed two buffer overflows in punycode decoding functions. | |
330 | ([CVE-2022-3786]) and ([CVE-2022-3602]) | |
331 | ||
79edcf4d MC |
332 | ### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022] |
333 | ||
334 | * Fix for custom ciphers to prevent accidental use of NULL encryption | |
335 | ([CVE-2022-3358]) | |
336 | ||
337 | ### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022] | |
338 | ||
339 | * Fixed heap memory corruption with RSA private key operation | |
340 | ([CVE-2022-2274]) | |
341 | * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms | |
342 | ([CVE-2022-2097]) | |
343 | ||
de85a9de MC |
344 | ### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] |
345 | ||
346 | * Fixed additional bugs in the c_rehash script which was not properly | |
347 | sanitising shell metacharacters to prevent command injection | |
348 | ([CVE-2022-2068]) | |
349 | ||
350 | ### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022] | |
73e044bd MC |
351 | |
352 | * Fixed a bug in the c_rehash script which was not properly sanitising shell | |
353 | metacharacters to prevent command injection ([CVE-2022-1292]) | |
354 | * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer | |
355 | certificate on an OCSP response ([CVE-2022-1343]) | |
356 | * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the | |
357 | AAD data as the MAC key ([CVE-2022-1434]) | |
358 | * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory | |
10fe5e29 | 359 | occupied by the removed hash table entries ([CVE-2022-1473]) |
73e044bd | 360 | |
5f14b5bc | 361 | ### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] |
a40398a1 MC |
362 | |
363 | * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever | |
364 | for non-prime moduli ([CVE-2022-0778]) | |
365 | ||
5f14b5bc | 366 | ### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021] |
1f8ca9e3 | 367 | |
5eef9e1d MC |
368 | * Fixed invalid handling of X509_verify_cert() internal errors in libssl |
369 | ([CVE-2021-4044]) | |
370 | * Allow fetching an operation from the provider that owns an unexportable key | |
371 | as a fallback if that is still allowed by the property query. | |
372 | ||
5f14b5bc | 373 | ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021] |
4477beac | 374 | |
e567367a | 375 | * Enhanced 'openssl list' with many new options. |
95a444c9 TM |
376 | * Added migration guide to man7. |
377 | * Implemented support for fully "pluggable" TLSv1.3 groups. | |
d7f3a2cc | 378 | * Added support for Kernel TLS (KTLS). |
18fdebf1 | 379 | * Changed the license to the Apache License v2.0. |
c7d4d032 MC |
380 | * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, |
381 | RC4, RC5, and DES to the legacy provider. | |
382 | * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy | |
383 | provider. | |
f9253152 | 384 | * Added convenience functions for generating asymmetric key pairs. |
92bc61e4 RL |
385 | * Deprecated the `OCSP_REQ_CTX` type and functions. |
386 | * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. | |
387 | * Deprecated the `RSA` and `RSA_METHOD` types and functions. | |
388 | * Deprecated the `DSA` and `DSA_METHOD` types and functions. | |
389 | * Deprecated the `DH` and `DH_METHOD` types and functions. | |
f5a46ed7 | 390 | * Deprecated the `ERR_load_` functions. |
7d615e21 | 391 | * Remove the `RAND_DRBG` API. |
8dab4de5 | 392 | * Deprecated the `ENGINE` API. |
b4250010 | 393 | * Added `OSSL_LIB_CTX`, a libcrypto library context. |
95a444c9 TM |
394 | * Added various `_ex` functions to the OpenSSL API that support using |
395 | a non-default `OSSL_LIB_CTX`. | |
eca47139 | 396 | * Interactive mode is removed from the 'openssl' program. |
8b29bada P |
397 | * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are |
398 | included in the FIPS provider. | |
4477beac DMSP |
399 | * X509 certificates signed using SHA1 are no longer allowed at security |
400 | level 1 or higher. The default security level for TLS is 1, so | |
401 | certificates signed using SHA1 are by default no longer trusted to | |
402 | authenticate servers or clients. | |
5f8e6c50 DMSP |
403 | * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly |
404 | disabled; the project uses address sanitize/leak-detect instead. | |
e7774c28 DDO |
405 | * Added a Certificate Management Protocol (CMP, RFC 4210) implementation |
406 | also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). | |
8d9a4d83 | 407 | It is part of the crypto lib and adds a 'cmp' app with a demo configuration. |
e7774c28 | 408 | All widely used CMP features are supported for both clients and servers. |
82990287 DDO |
409 | * Added a proper HTTP client supporting GET with optional redirection, POST, |
410 | arbitrary request and response content types, TLS, persistent connections, | |
411 | connections via HTTP(s) proxies, connections and exchange via user-defined | |
412 | BIOs (allowing implicit connections), and timeout checks. | |
16c6534b | 413 | * Added util/check-format.pl for checking adherence to the coding guidelines. |
ece9304c | 414 | * Added OSSL_ENCODER, a generic encoder API. |
02649104 | 415 | * Added OSSL_DECODER, a generic decoder API. |
be19d3ca | 416 | * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. |
5f8e6c50 | 417 | * Added error raising macros, ERR_raise() and ERR_raise_data(). |
af2f14ac RL |
418 | * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), |
419 | ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and | |
420 | ERR_func_error_string(). | |
d7f3a2cc | 421 | * Added OSSL_PROVIDER_available(), to check provider availability. |
5f8e6c50 DMSP |
422 | * Added 'openssl mac' that uses the EVP_MAC API. |
423 | * Added 'openssl kdf' that uses the EVP_KDF API. | |
424 | * Add OPENSSL_info() and 'openssl info' to get built-in data. | |
425 | * Add support for enabling instrumentation through trace and debug | |
426 | output. | |
427 | * Changed our version number scheme and set the next major release to | |
428 | 3.0.0 | |
429 | * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC | |
42cf25fc | 430 | bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305 |
8b29bada | 431 | and SIPHASH. |
5f8e6c50 | 432 | * Removed the heartbeat message in DTLS feature. |
8b29bada P |
433 | * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to |
434 | EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2, | |
435 | PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF. | |
8c1cbc72 | 436 | * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, |
4477beac DMSP |
437 | SHA256, SHA384, SHA512 and Whirlpool digest functions have been |
438 | deprecated. | |
8c1cbc72 | 439 | * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, |
4477beac | 440 | RC4, RC5 and SEED cipher functions have been deprecated. |
8c1cbc72 | 441 | * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions |
4477beac | 442 | have been deprecated. |
50d1d92d P |
443 | * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, |
444 | except when RSA key exchange without SHA1 is used. | |
8e7d941a RL |
445 | * Added providers, a new pluggability concept that will replace the |
446 | ENGINE API and ENGINE implementations. | |
4477beac DMSP |
447 | |
448 | OpenSSL 1.1.1 | |
449 | ------------- | |
450 | ||
796f4f70 | 451 | ### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] |
fdd43643 | 452 | |
796f4f70 MC |
453 | * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) |
454 | * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) | |
455 | ||
456 | ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] | |
c913dbd7 | 457 | |
468d9d55 MC |
458 | * Fixed a problem with verifying a certificate chain when using the |
459 | X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) | |
460 | * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously | |
461 | crafted renegotiation ClientHello message from a client ([CVE-2021-3449]) | |
462 | ||
c913dbd7 MC |
463 | ### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] |
464 | ||
465 | * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() | |
466 | function ([CVE-2021-23841]) | |
467 | * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING | |
468 | padding mode to correctly check for rollback attacks | |
469 | * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and | |
470 | EVP_DecryptUpdate functions ([CVE-2021-23840]) | |
471 | * Fixed SRP_Calc_client_key so that it runs in constant time | |
472 | ||
473 | ### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] | |
8658fedd | 474 | |
1e13198f | 475 | * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971]) |
8658fedd | 476 | |
6ffc3127 DMSP |
477 | ### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] |
478 | ||
479 | * Disallow explicit curve parameters in verifications chains when | |
480 | X509_V_FLAG_X509_STRICT is used | |
481 | * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS | |
482 | contexts | |
483 | * Oracle Developer Studio will start reporting deprecation warnings | |
484 | ||
485 | ### Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] | |
486 | ||
d8dc8538 | 487 | * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967]) |
6ffc3127 DMSP |
488 | |
489 | ### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] | |
490 | ||
491 | * Revert the unexpected EOF reporting via SSL_ERROR_SSL | |
492 | ||
257e9d03 | 493 | ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] |
8658fedd DMSP |
494 | |
495 | * Fixed an overflow bug in the x64_64 Montgomery squaring procedure | |
d8dc8538 | 496 | used in exponentiation with 512-bit moduli ([CVE-2019-1551]) |
8658fedd | 497 | |
257e9d03 | 498 | ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] |
4477beac | 499 | |
d8dc8538 | 500 | * Fixed a fork protection issue ([CVE-2019-1549]) |
4477beac | 501 | * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey |
d8dc8538 | 502 | ([CVE-2019-1563]) |
4477beac DMSP |
503 | * For built-in EC curves, ensure an EC_GROUP built from the curve name is |
504 | used even when parsing explicit parameters | |
505 | * Compute ECC cofactors if not provided during EC_GROUP construction | |
d8dc8538 | 506 | ([CVE-2019-1547]) |
4477beac DMSP |
507 | * Early start up entropy quality from the DEVRANDOM seed source has been |
508 | improved for older Linux systems | |
509 | * Correct the extended master secret constant on EBCDIC systems | |
d8dc8538 | 510 | * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) |
4477beac DMSP |
511 | * Changed DH_check to accept parameters with order q and 2q subgroups |
512 | * Significantly reduce secure memory usage by the randomness pools | |
513 | * Revert the DEVRANDOM_WAIT feature for Linux systems | |
514 | ||
257e9d03 | 515 | ### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] |
4477beac | 516 | |
d8dc8538 | 517 | * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) |
4477beac | 518 | |
257e9d03 | 519 | ### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] |
4477beac DMSP |
520 | |
521 | * Change the info callback signals for the start and end of a post-handshake | |
522 | message exchange in TLSv1.3. | |
523 | * Fix a bug in DTLS over SCTP. This breaks interoperability with older | |
524 | versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. | |
5f8e6c50 | 525 | |
257e9d03 | 526 | ### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] |
5f8e6c50 | 527 | |
d8dc8538 DMSP |
528 | * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) |
529 | * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) | |
5f8e6c50 | 530 | |
257e9d03 | 531 | ### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] |
5f8e6c50 | 532 | |
4477beac | 533 | * Support for TLSv1.3 added. The TLSv1.3 implementation includes: |
257e9d03 RS |
534 | * Fully compliant implementation of RFC8446 (TLSv1.3) on by default |
535 | * Early data (0-RTT) | |
536 | * Post-handshake authentication and key update | |
537 | * Middlebox Compatibility Mode | |
538 | * TLSv1.3 PSKs | |
539 | * Support for all five RFC8446 ciphersuites | |
540 | * RSA-PSS signature algorithms (backported to TLSv1.2) | |
541 | * Configurable session ticket support | |
542 | * Stateless server support | |
543 | * Rewrite of the packet construction code for "safer" packet handling | |
544 | * Rewrite of the extension handling code | |
4477beac DMSP |
545 | For further important information, see the [TLS1.3 page]( |
546 | https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki. | |
547 | ||
5f8e6c50 DMSP |
548 | * Complete rewrite of the OpenSSL random number generator to introduce the |
549 | following capabilities | |
550 | * The default RAND method now utilizes an AES-CTR DRBG according to | |
551 | NIST standard SP 800-90Ar1. | |
552 | * Support for multiple DRBG instances with seed chaining. | |
553 | * There is a public and private DRBG instance. | |
554 | * The DRBG instances are fork-safe. | |
555 | * Keep all global DRBG instances on the secure heap if it is enabled. | |
556 | * The public and private DRBG instance are per thread for lock free | |
557 | operation | |
558 | * Support for various new cryptographic algorithms including: | |
559 | * SHA3 | |
560 | * SHA512/224 and SHA512/256 | |
561 | * EdDSA (both Ed25519 and Ed448) including X509 and TLS support | |
562 | * X448 (adding to the existing X25519 support in 1.1.0) | |
563 | * Multi-prime RSA | |
564 | * SM2 | |
565 | * SM3 | |
566 | * SM4 | |
567 | * SipHash | |
568 | * ARIA (including TLS support) | |
569 | * Significant Side-Channel attack security improvements | |
570 | * Add a new ClientHello callback to provide the ability to adjust the SSL | |
571 | object at an early stage. | |
572 | * Add 'Maximum Fragment Length' TLS extension negotiation and support | |
573 | * A new STORE module, which implements a uniform and URI based reader of | |
574 | stores that can contain keys, certificates, CRLs and numerous other | |
575 | objects. | |
576 | * Move the display of configuration data to configdata.pm. | |
577 | * Allow GNU style "make variables" to be used with Configure. | |
578 | * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes | |
579 | * Rewrite of devcrypto engine | |
580 | ||
4477beac DMSP |
581 | OpenSSL 1.1.0 |
582 | ------------- | |
583 | ||
257e9d03 | 584 | ### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] |
4477beac DMSP |
585 | |
586 | * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey | |
d8dc8538 | 587 | ([CVE-2019-1563]) |
4477beac DMSP |
588 | * For built-in EC curves, ensure an EC_GROUP built from the curve name is |
589 | used even when parsing explicit parameters | |
590 | * Compute ECC cofactors if not provided during EC_GROUP construction | |
d8dc8538 DMSP |
591 | ([CVE-2019-1547]) |
592 | * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) | |
4477beac | 593 | |
257e9d03 | 594 | ### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] |
4477beac | 595 | |
d8dc8538 | 596 | * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) |
4477beac | 597 | |
257e9d03 | 598 | ### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] |
4477beac | 599 | |
d8dc8538 DMSP |
600 | * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) |
601 | * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) | |
4477beac | 602 | |
257e9d03 | 603 | ### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] |
5f8e6c50 | 604 | |
d8dc8538 DMSP |
605 | * Client DoS due to large DH parameter ([CVE-2018-0732]) |
606 | * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) | |
4477beac | 607 | |
257e9d03 | 608 | ### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] |
5f8e6c50 DMSP |
609 | |
610 | * Constructed ASN.1 types with a recursive definition could exceed the | |
d8dc8538 DMSP |
611 | stack ([CVE-2018-0739]) |
612 | * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733]) | |
613 | * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) | |
5f8e6c50 | 614 | |
257e9d03 | 615 | ### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] |
5f8e6c50 | 616 | |
d8dc8538 DMSP |
617 | * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) |
618 | * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) | |
5f8e6c50 | 619 | |
257e9d03 | 620 | ### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] |
5f8e6c50 DMSP |
621 | |
622 | * config now recognises 64-bit mingw and chooses mingw64 instead of mingw | |
623 | ||
257e9d03 | 624 | ### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] |
5f8e6c50 | 625 | |
d8dc8538 | 626 | * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733]) |
5f8e6c50 | 627 | |
257e9d03 | 628 | ### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] |
5f8e6c50 | 629 | |
d8dc8538 DMSP |
630 | * Truncated packet could crash via OOB read ([CVE-2017-3731]) |
631 | * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730]) | |
632 | * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) | |
5f8e6c50 | 633 | |
257e9d03 | 634 | ### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] |
5f8e6c50 | 635 | |
d8dc8538 DMSP |
636 | * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054]) |
637 | * CMS Null dereference ([CVE-2016-7053]) | |
638 | * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) | |
5f8e6c50 | 639 | |
257e9d03 | 640 | ### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] |
5f8e6c50 | 641 | |
d8dc8538 | 642 | * Fix Use After Free for large message sizes ([CVE-2016-6309]) |
5f8e6c50 | 643 | |
257e9d03 | 644 | ### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] |
5f8e6c50 | 645 | |
d8dc8538 DMSP |
646 | * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) |
647 | * SSL_peek() hang on empty record ([CVE-2016-6305]) | |
5f8e6c50 | 648 | * Excessive allocation of memory in tls_get_message_header() |
d8dc8538 | 649 | ([CVE-2016-6307]) |
5f8e6c50 | 650 | * Excessive allocation of memory in dtls1_preprocess_fragment() |
d8dc8538 | 651 | ([CVE-2016-6308]) |
5f8e6c50 | 652 | |
257e9d03 | 653 | ### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] |
5f8e6c50 DMSP |
654 | |
655 | * Copyright text was shrunk to a boilerplate that points to the license | |
656 | * "shared" builds are now the default when possible | |
657 | * Added support for "pipelining" | |
658 | * Added the AFALG engine | |
659 | * New threading API implemented | |
660 | * Support for ChaCha20 and Poly1305 added to libcrypto and libssl | |
661 | * Support for extended master secret | |
662 | * CCM ciphersuites | |
663 | * Reworked test suite, now based on perl, Test::Harness and Test::More | |
664 | * *Most* libcrypto and libssl public structures were made opaque, | |
665 | including: | |
666 | BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, | |
667 | DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, | |
668 | BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, | |
669 | EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, | |
670 | X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, | |
671 | X509_LOOKUP, X509_LOOKUP_METHOD | |
672 | * libssl internal structures made opaque | |
673 | * SSLv2 support removed | |
674 | * Kerberos ciphersuite support removed | |
675 | * RC4 removed from DEFAULT ciphersuites in libssl | |
676 | * 40 and 56 bit cipher support removed from libssl | |
677 | * All public header files moved to include/openssl, no more symlinking | |
678 | * SSL/TLS state machine, version negotiation and record layer rewritten | |
679 | * EC revision: now operations use new EC_KEY_METHOD. | |
680 | * Support for OCB mode added to libcrypto | |
681 | * Support for asynchronous crypto operations added to libcrypto and libssl | |
682 | * Deprecated interfaces can now be disabled at build time either | |
683 | relative to the latest release via the "no-deprecated" Configure | |
684 | argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. | |
685 | * Application software can be compiled with -DOPENSSL_API_COMPAT=version | |
686 | to ensure that features deprecated in that version are not exposed. | |
687 | * Support for RFC6698/RFC7671 DANE TLSA peer authentication | |
688 | * Change of Configure to use --prefix as the main installation | |
689 | directory location rather than --openssldir. The latter becomes | |
690 | the directory for certs, private key and openssl.cnf exclusively. | |
691 | * Reworked BIO networking library, with full support for IPv6. | |
692 | * New "unified" build system | |
693 | * New security levels | |
694 | * Support for scrypt algorithm | |
695 | * Support for X25519 | |
696 | * Extended SSL_CONF support using configuration files | |
697 | * KDF algorithm support. Implement TLS PRF as a KDF. | |
698 | * Support for Certificate Transparency | |
699 | * HKDF support. | |
700 | ||
4477beac DMSP |
701 | OpenSSL 1.0.2 |
702 | ------------- | |
703 | ||
257e9d03 | 704 | ### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] |
4477beac DMSP |
705 | |
706 | * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey | |
d8dc8538 | 707 | ([CVE-2019-1563]) |
4477beac DMSP |
708 | * For built-in EC curves, ensure an EC_GROUP built from the curve name is |
709 | used even when parsing explicit parameters | |
710 | * Compute ECC cofactors if not provided during EC_GROUP construction | |
d8dc8538 | 711 | ([CVE-2019-1547]) |
4477beac | 712 | * Document issue with installation paths in diverse Windows builds |
d8dc8538 | 713 | ([CVE-2019-1552]) |
4477beac | 714 | |
257e9d03 | 715 | ### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] |
4477beac DMSP |
716 | |
717 | * None | |
718 | ||
257e9d03 | 719 | ### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] |
4477beac | 720 | |
d8dc8538 | 721 | * 0-byte record padding oracle ([CVE-2019-1559]) |
4477beac | 722 | |
257e9d03 | 723 | ### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] |
4477beac | 724 | |
d8dc8538 DMSP |
725 | * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407]) |
726 | * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) | |
4477beac | 727 | |
257e9d03 | 728 | ### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] |
4477beac | 729 | |
d8dc8538 DMSP |
730 | * Client DoS due to large DH parameter ([CVE-2018-0732]) |
731 | * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) | |
4477beac | 732 | |
257e9d03 | 733 | ### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] |
4477beac DMSP |
734 | |
735 | * Constructed ASN.1 types with a recursive definition could exceed the | |
d8dc8538 | 736 | stack ([CVE-2018-0739]) |
4477beac | 737 | |
257e9d03 | 738 | ### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] |
4477beac | 739 | |
d8dc8538 DMSP |
740 | * Read/write after SSL object in error state ([CVE-2017-3737]) |
741 | * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) | |
4477beac | 742 | |
257e9d03 | 743 | ### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] |
4477beac | 744 | |
d8dc8538 DMSP |
745 | * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) |
746 | * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) | |
4477beac | 747 | |
257e9d03 | 748 | ### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] |
4477beac DMSP |
749 | |
750 | * config now recognises 64-bit mingw and chooses mingw64 instead of mingw | |
751 | ||
257e9d03 | 752 | ### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] |
4477beac | 753 | |
d8dc8538 DMSP |
754 | * Truncated packet could crash via OOB read ([CVE-2017-3731]) |
755 | * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) | |
756 | * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) | |
4477beac | 757 | |
257e9d03 | 758 | ### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] |
4477beac | 759 | |
d8dc8538 | 760 | * Missing CRL sanity check ([CVE-2016-7052]) |
4477beac | 761 | |
257e9d03 | 762 | ### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] |
4477beac | 763 | |
d8dc8538 DMSP |
764 | * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) |
765 | * SWEET32 Mitigation ([CVE-2016-2183]) | |
766 | * OOB write in MDC2_Update() ([CVE-2016-6303]) | |
767 | * Malformed SHA512 ticket DoS ([CVE-2016-6302]) | |
768 | * OOB write in BN_bn2dec() ([CVE-2016-2182]) | |
769 | * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) | |
770 | * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) | |
771 | * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) | |
772 | * DTLS buffered message DoS ([CVE-2016-2179]) | |
773 | * DTLS replay protection DoS ([CVE-2016-2181]) | |
774 | * Certificate message OOB reads ([CVE-2016-6306]) | |
4477beac | 775 | |
257e9d03 | 776 | ### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] |
4477beac | 777 | |
d8dc8538 DMSP |
778 | * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) |
779 | * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) | |
780 | * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) | |
781 | * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) | |
782 | * EBCDIC overread ([CVE-2016-2176]) | |
5f8e6c50 DMSP |
783 | * Modify behavior of ALPN to invoke callback after SNI/servername |
784 | callback, such that updates to the SSL_CTX affect ALPN. | |
785 | * Remove LOW from the DEFAULT cipher list. This removes singles DES from | |
786 | the default. | |
787 | * Only remove the SSLv2 methods with the no-ssl2-method option. | |
788 | ||
257e9d03 | 789 | ### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] |
5f8e6c50 DMSP |
790 | |
791 | * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. | |
792 | * Disable SSLv2 default build, default negotiation and weak ciphers | |
d8dc8538 DMSP |
793 | ([CVE-2016-0800]) |
794 | * Fix a double-free in DSA code ([CVE-2016-0705]) | |
5f8e6c50 | 795 | * Disable SRP fake user seed to address a server memory leak |
d8dc8538 | 796 | ([CVE-2016-0798]) |
5f8e6c50 | 797 | * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption |
d8dc8538 DMSP |
798 | ([CVE-2016-0797]) |
799 | * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) | |
800 | * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) | |
5f8e6c50 | 801 | |
257e9d03 | 802 | ### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] |
5f8e6c50 | 803 | |
d8dc8538 DMSP |
804 | * DH small subgroups ([CVE-2016-0701]) |
805 | * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) | |
5f8e6c50 | 806 | |
257e9d03 | 807 | ### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] |
5f8e6c50 | 808 | |
d8dc8538 DMSP |
809 | * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193]) |
810 | * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) | |
811 | * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) | |
5f8e6c50 DMSP |
812 | * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs |
813 | * In DSA_generate_parameters_ex, if the provided seed is too short, | |
814 | return an error | |
815 | ||
257e9d03 | 816 | ### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] |
5f8e6c50 | 817 | |
d8dc8538 DMSP |
818 | * Alternate chains certificate forgery ([CVE-2015-1793]) |
819 | * Race condition handling PSK identify hint ([CVE-2015-3196]) | |
5f8e6c50 | 820 | |
257e9d03 | 821 | ### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] |
5f8e6c50 DMSP |
822 | |
823 | * Fix HMAC ABI incompatibility | |
824 | ||
257e9d03 | 825 | ### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] |
4477beac | 826 | |
d8dc8538 DMSP |
827 | * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) |
828 | * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) | |
829 | * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) | |
830 | * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) | |
831 | * Race condition handling NewSessionTicket ([CVE-2015-1791]) | |
4477beac | 832 | |
257e9d03 | 833 | ### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] |
4477beac | 834 | |
d8dc8538 DMSP |
835 | * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291]) |
836 | * Multiblock corrupted pointer fix ([CVE-2015-0290]) | |
837 | * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207]) | |
838 | * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) | |
839 | * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208]) | |
840 | * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) | |
841 | * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) | |
842 | * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) | |
843 | * Empty CKE with client auth and DHE fix ([CVE-2015-1787]) | |
844 | * Handshake with unseeded PRNG fix ([CVE-2015-0285]) | |
845 | * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) | |
846 | * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) | |
5f8e6c50 DMSP |
847 | * Removed the export ciphers from the DEFAULT ciphers |
848 | ||
257e9d03 | 849 | ### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] |
5f8e6c50 DMSP |
850 | |
851 | * Suite B support for TLS 1.2 and DTLS 1.2 | |
852 | * Support for DTLS 1.2 | |
853 | * TLS automatic EC curve selection. | |
854 | * API to set TLS supported signature algorithms and curves | |
855 | * SSL_CONF configuration API. | |
856 | * TLS Brainpool support. | |
857 | * ALPN support. | |
858 | * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. | |
859 | ||
4477beac DMSP |
860 | OpenSSL 1.0.1 |
861 | ------------- | |
862 | ||
257e9d03 | 863 | ### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] |
4477beac | 864 | |
d8dc8538 DMSP |
865 | * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) |
866 | * SWEET32 Mitigation ([CVE-2016-2183]) | |
867 | * OOB write in MDC2_Update() ([CVE-2016-6303]) | |
868 | * Malformed SHA512 ticket DoS ([CVE-2016-6302]) | |
869 | * OOB write in BN_bn2dec() ([CVE-2016-2182]) | |
870 | * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) | |
871 | * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) | |
872 | * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) | |
873 | * DTLS buffered message DoS ([CVE-2016-2179]) | |
874 | * DTLS replay protection DoS ([CVE-2016-2181]) | |
875 | * Certificate message OOB reads ([CVE-2016-6306]) | |
4477beac | 876 | |
257e9d03 | 877 | ### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] |
4477beac | 878 | |
d8dc8538 DMSP |
879 | * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) |
880 | * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) | |
881 | * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) | |
882 | * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) | |
883 | * EBCDIC overread ([CVE-2016-2176]) | |
4477beac DMSP |
884 | * Modify behavior of ALPN to invoke callback after SNI/servername |
885 | callback, such that updates to the SSL_CTX affect ALPN. | |
886 | * Remove LOW from the DEFAULT cipher list. This removes singles DES from | |
887 | the default. | |
888 | * Only remove the SSLv2 methods with the no-ssl2-method option. | |
889 | ||
257e9d03 | 890 | ### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] |
4477beac DMSP |
891 | |
892 | * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. | |
893 | * Disable SSLv2 default build, default negotiation and weak ciphers | |
d8dc8538 DMSP |
894 | ([CVE-2016-0800]) |
895 | * Fix a double-free in DSA code ([CVE-2016-0705]) | |
4477beac | 896 | * Disable SRP fake user seed to address a server memory leak |
d8dc8538 | 897 | ([CVE-2016-0798]) |
4477beac | 898 | * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption |
d8dc8538 DMSP |
899 | ([CVE-2016-0797]) |
900 | * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) | |
901 | * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) | |
4477beac | 902 | |
257e9d03 | 903 | ### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] |
4477beac DMSP |
904 | |
905 | * Protection for DH small subgroup attacks | |
d8dc8538 | 906 | * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) |
4477beac | 907 | |
257e9d03 | 908 | ### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] |
4477beac | 909 | |
d8dc8538 DMSP |
910 | * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) |
911 | * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) | |
4477beac DMSP |
912 | * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs |
913 | * In DSA_generate_parameters_ex, if the provided seed is too short, | |
914 | return an error | |
915 | ||
257e9d03 | 916 | ### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] |
4477beac | 917 | |
d8dc8538 DMSP |
918 | * Alternate chains certificate forgery ([CVE-2015-1793]) |
919 | * Race condition handling PSK identify hint ([CVE-2015-3196]) | |
4477beac | 920 | |
257e9d03 | 921 | ### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] |
4477beac DMSP |
922 | |
923 | * Fix HMAC ABI incompatibility | |
924 | ||
257e9d03 | 925 | ### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] |
4477beac | 926 | |
d8dc8538 DMSP |
927 | * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) |
928 | * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) | |
929 | * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) | |
930 | * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) | |
931 | * Race condition handling NewSessionTicket ([CVE-2015-1791]) | |
4477beac | 932 | |
257e9d03 | 933 | ### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] |
4477beac | 934 | |
d8dc8538 DMSP |
935 | * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) |
936 | * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) | |
937 | * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) | |
938 | * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) | |
939 | * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) | |
940 | * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) | |
4477beac DMSP |
941 | * Removed the export ciphers from the DEFAULT ciphers |
942 | ||
257e9d03 | 943 | ### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] |
5f8e6c50 DMSP |
944 | |
945 | * Build fixes for the Windows and OpenVMS platforms | |
946 | ||
257e9d03 | 947 | ### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] |
4477beac | 948 | |
d8dc8538 DMSP |
949 | * Fix for [CVE-2014-3571] |
950 | * Fix for [CVE-2015-0206] | |
951 | * Fix for [CVE-2014-3569] | |
952 | * Fix for [CVE-2014-3572] | |
953 | * Fix for [CVE-2015-0204] | |
954 | * Fix for [CVE-2015-0205] | |
955 | * Fix for [CVE-2014-8275] | |
956 | * Fix for [CVE-2014-3570] | |
4477beac | 957 | |
257e9d03 | 958 | ### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] |
4477beac | 959 | |
d8dc8538 DMSP |
960 | * Fix for [CVE-2014-3513] |
961 | * Fix for [CVE-2014-3567] | |
962 | * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) | |
963 | * Fix for [CVE-2014-3568] | |
4477beac | 964 | |
257e9d03 | 965 | ### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] |
4477beac | 966 | |
d8dc8538 DMSP |
967 | * Fix for [CVE-2014-3512] |
968 | * Fix for [CVE-2014-3511] | |
969 | * Fix for [CVE-2014-3510] | |
970 | * Fix for [CVE-2014-3507] | |
971 | * Fix for [CVE-2014-3506] | |
972 | * Fix for [CVE-2014-3505] | |
973 | * Fix for [CVE-2014-3509] | |
974 | * Fix for [CVE-2014-5139] | |
975 | * Fix for [CVE-2014-3508] | |
4477beac | 976 | |
257e9d03 | 977 | ### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] |
4477beac | 978 | |
d8dc8538 DMSP |
979 | * Fix for [CVE-2014-0224] |
980 | * Fix for [CVE-2014-0221] | |
981 | * Fix for [CVE-2014-0198] | |
982 | * Fix for [CVE-2014-0195] | |
983 | * Fix for [CVE-2014-3470] | |
984 | * Fix for [CVE-2010-5298] | |
4477beac | 985 | |
257e9d03 | 986 | ### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] |
4477beac | 987 | |
d8dc8538 | 988 | * Fix for [CVE-2014-0160] |
5f8e6c50 | 989 | * Add TLS padding extension workaround for broken servers. |
d8dc8538 | 990 | * Fix for [CVE-2014-0076] |
5f8e6c50 | 991 | |
257e9d03 | 992 | ### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] |
5f8e6c50 DMSP |
993 | |
994 | * Don't include gmt_unix_time in TLS server and client random values | |
d8dc8538 DMSP |
995 | * Fix for TLS record tampering bug ([CVE-2013-4353]) |
996 | * Fix for TLS version checking bug ([CVE-2013-6449]) | |
997 | * Fix for DTLS retransmission bug ([CVE-2013-6450]) | |
5f8e6c50 | 998 | |
257e9d03 | 999 | ### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] |
5f8e6c50 | 1000 | |
d8dc8538 | 1001 | * Corrected fix for ([CVE-2013-0169]) |
5f8e6c50 | 1002 | |
257e9d03 | 1003 | ### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] |
5f8e6c50 DMSP |
1004 | |
1005 | * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. | |
1006 | * Include the fips configuration module. | |
d8dc8538 DMSP |
1007 | * Fix OCSP bad key DoS attack ([CVE-2013-0166]) |
1008 | * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) | |
1009 | * Fix for TLS AESNI record handling flaw ([CVE-2012-2686]) | |
5f8e6c50 | 1010 | |
257e9d03 | 1011 | ### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] |
5f8e6c50 | 1012 | |
d8dc8538 | 1013 | * Fix TLS/DTLS record length checking bug ([CVE-2012-2333]) |
5f8e6c50 DMSP |
1014 | * Don't attempt to use non-FIPS composite ciphers in FIPS mode. |
1015 | ||
257e9d03 | 1016 | ### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] |
5f8e6c50 DMSP |
1017 | |
1018 | * Fix compilation error on non-x86 platforms. | |
1019 | * Make FIPS capable OpenSSL ciphers work in non-FIPS mode. | |
1020 | * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 | |
1021 | ||
257e9d03 | 1022 | ### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] |
5f8e6c50 | 1023 | |
d8dc8538 | 1024 | * Fix for ASN1 overflow bug ([CVE-2012-2110]) |
5f8e6c50 DMSP |
1025 | * Workarounds for some servers that hang on long client hellos. |
1026 | * Fix SEGV in AES code. | |
1027 | ||
257e9d03 | 1028 | ### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] |
5f8e6c50 DMSP |
1029 | |
1030 | * TLS/DTLS heartbeat support. | |
1031 | * SCTP support. | |
1032 | * RFC 5705 TLS key material exporter. | |
1033 | * RFC 5764 DTLS-SRTP negotiation. | |
1034 | * Next Protocol Negotiation. | |
1035 | * PSS signatures in certificates, requests and CRLs. | |
1036 | * Support for password based recipient info for CMS. | |
1037 | * Support TLS v1.2 and TLS v1.1. | |
1038 | * Preliminary FIPS capability for unvalidated 2.0 FIPS module. | |
1039 | * SRP support. | |
1040 | ||
4477beac DMSP |
1041 | OpenSSL 1.0.0 |
1042 | ------------- | |
1043 | ||
257e9d03 | 1044 | ### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] |
4477beac | 1045 | |
d8dc8538 DMSP |
1046 | * X509_ATTRIBUTE memory leak (([CVE-2015-3195])) |
1047 | * Race condition handling PSK identify hint ([CVE-2015-3196]) | |
4477beac | 1048 | |
257e9d03 | 1049 | ### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] |
4477beac | 1050 | |
d8dc8538 DMSP |
1051 | * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) |
1052 | * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) | |
1053 | * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) | |
1054 | * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) | |
1055 | * Race condition handling NewSessionTicket ([CVE-2015-1791]) | |
4477beac | 1056 | |
257e9d03 | 1057 | ### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] |
4477beac | 1058 | |
d8dc8538 DMSP |
1059 | * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) |
1060 | * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) | |
1061 | * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) | |
1062 | * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) | |
1063 | * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) | |
1064 | * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) | |
4477beac DMSP |
1065 | * Removed the export ciphers from the DEFAULT ciphers |
1066 | ||
257e9d03 | 1067 | ### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] |
4477beac DMSP |
1068 | |
1069 | * Build fixes for the Windows and OpenVMS platforms | |
1070 | ||
257e9d03 | 1071 | ### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] |
4477beac | 1072 | |
d8dc8538 DMSP |
1073 | * Fix for [CVE-2014-3571] |
1074 | * Fix for [CVE-2015-0206] | |
1075 | * Fix for [CVE-2014-3569] | |
1076 | * Fix for [CVE-2014-3572] | |
1077 | * Fix for [CVE-2015-0204] | |
1078 | * Fix for [CVE-2015-0205] | |
1079 | * Fix for [CVE-2014-8275] | |
1080 | * Fix for [CVE-2014-3570] | |
4477beac | 1081 | |
257e9d03 | 1082 | ### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] |
4477beac | 1083 | |
d8dc8538 DMSP |
1084 | * Fix for [CVE-2014-3513] |
1085 | * Fix for [CVE-2014-3567] | |
1086 | * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) | |
1087 | * Fix for [CVE-2014-3568] | |
4477beac | 1088 | |
257e9d03 | 1089 | ### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] |
4477beac | 1090 | |
d8dc8538 DMSP |
1091 | * Fix for [CVE-2014-3510] |
1092 | * Fix for [CVE-2014-3507] | |
1093 | * Fix for [CVE-2014-3506] | |
1094 | * Fix for [CVE-2014-3505] | |
1095 | * Fix for [CVE-2014-3509] | |
1096 | * Fix for [CVE-2014-3508] | |
4477beac DMSP |
1097 | |
1098 | Known issues in OpenSSL 1.0.0m: | |
1099 | ||
1100 | * EAP-FAST and other applications using tls_session_secret_cb | |
8c1cbc72 | 1101 | won't resume sessions. Fixed in 1.0.0n-dev |
4477beac | 1102 | * Compilation failure of s3_pkt.c on some platforms due to missing |
257e9d03 | 1103 | `<limits.h>` include. Fixed in 1.0.0n-dev |
4477beac | 1104 | |
257e9d03 | 1105 | ### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] |
4477beac | 1106 | |
d8dc8538 DMSP |
1107 | * Fix for [CVE-2014-0224] |
1108 | * Fix for [CVE-2014-0221] | |
1109 | * Fix for [CVE-2014-0198] | |
1110 | * Fix for [CVE-2014-0195] | |
1111 | * Fix for [CVE-2014-3470] | |
1112 | * Fix for [CVE-2014-0076] | |
1113 | * Fix for [CVE-2010-5298] | |
4477beac | 1114 | |
257e9d03 | 1115 | ### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] |
4477beac | 1116 | |
d8dc8538 | 1117 | * Fix for DTLS retransmission bug ([CVE-2013-6450]) |
4477beac | 1118 | |
257e9d03 | 1119 | ### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] |
4477beac | 1120 | |
d8dc8538 DMSP |
1121 | * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) |
1122 | * Fix OCSP bad key DoS attack ([CVE-2013-0166]) | |
4477beac | 1123 | |
257e9d03 | 1124 | ### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] |
4477beac | 1125 | |
d8dc8538 | 1126 | * Fix DTLS record length checking bug ([CVE-2012-2333]) |
4477beac | 1127 | |
257e9d03 | 1128 | ### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] |
4477beac | 1129 | |
d8dc8538 | 1130 | * Fix for ASN1 overflow bug ([CVE-2012-2110]) |
4477beac | 1131 | |
257e9d03 | 1132 | ### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] |
4477beac | 1133 | |
d8dc8538 DMSP |
1134 | * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884]) |
1135 | * Corrected fix for ([CVE-2011-4619]) | |
5f8e6c50 DMSP |
1136 | * Various DTLS fixes. |
1137 | ||
257e9d03 | 1138 | ### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] |
5f8e6c50 | 1139 | |
d8dc8538 | 1140 | * Fix for DTLS DoS issue ([CVE-2012-0050]) |
5f8e6c50 | 1141 | |
257e9d03 | 1142 | ### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] |
5f8e6c50 | 1143 | |
d8dc8538 DMSP |
1144 | * Fix for DTLS plaintext recovery attack ([CVE-2011-4108]) |
1145 | * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576]) | |
1146 | * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619]) | |
1147 | * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027]) | |
1148 | * Check for malformed RFC3779 data ([CVE-2011-4577]) | |
5f8e6c50 | 1149 | |
257e9d03 | 1150 | ### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] |
5f8e6c50 | 1151 | |
d8dc8538 DMSP |
1152 | * Fix for CRL vulnerability issue ([CVE-2011-3207]) |
1153 | * Fix for ECDH crashes ([CVE-2011-3210]) | |
5f8e6c50 DMSP |
1154 | * Protection against EC timing attacks. |
1155 | * Support ECDH ciphersuites for certificates using SHA2 algorithms. | |
1156 | * Various DTLS fixes. | |
1157 | ||
257e9d03 | 1158 | ### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] |
5f8e6c50 | 1159 | |
d8dc8538 | 1160 | * Fix for security issue ([CVE-2011-0014]) |
367eab2f | 1161 | |
257e9d03 | 1162 | ### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] |
5f8e6c50 | 1163 | |
d8dc8538 DMSP |
1164 | * Fix for security issue ([CVE-2010-4180]) |
1165 | * Fix for ([CVE-2010-4252]) | |
5f8e6c50 DMSP |
1166 | * Fix mishandling of absent EC point format extension. |
1167 | * Fix various platform compilation issues. | |
d8dc8538 | 1168 | * Corrected fix for security issue ([CVE-2010-3864]). |
5f8e6c50 | 1169 | |
257e9d03 | 1170 | ### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] |
5f8e6c50 | 1171 | |
d8dc8538 DMSP |
1172 | * Fix for security issue ([CVE-2010-3864]). |
1173 | * Fix for ([CVE-2010-2939]) | |
5f8e6c50 DMSP |
1174 | * Fix WIN32 build system for GOST ENGINE. |
1175 | ||
257e9d03 | 1176 | ### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] |
5f8e6c50 | 1177 | |
d8dc8538 | 1178 | * Fix for security issue ([CVE-2010-1633]). |
5f8e6c50 DMSP |
1179 | * GOST MAC and CFB fixes. |
1180 | ||
257e9d03 | 1181 | ### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] |
5f8e6c50 DMSP |
1182 | |
1183 | * RFC3280 path validation: sufficient to process PKITS tests. | |
1184 | * Integrated support for PVK files and keyblobs. | |
1185 | * Change default private key format to PKCS#8. | |
1186 | * CMS support: able to process all examples in RFC4134 | |
1187 | * Streaming ASN1 encode support for PKCS#7 and CMS. | |
1188 | * Multiple signer and signer add support for PKCS#7 and CMS. | |
1189 | * ASN1 printing support. | |
1190 | * Whirlpool hash algorithm added. | |
1191 | * RFC3161 time stamp support. | |
1192 | * New generalised public key API supporting ENGINE based algorithms. | |
1193 | * New generalised public key API utilities. | |
1194 | * New ENGINE supporting GOST algorithms. | |
1195 | * SSL/TLS GOST ciphersuite support. | |
1196 | * PKCS#7 and CMS GOST support. | |
1197 | * RFC4279 PSK ciphersuite support. | |
1198 | * Supported points format extension for ECC ciphersuites. | |
1199 | * ecdsa-with-SHA224/256/384/512 signature types. | |
1200 | * dsa-with-SHA224 and dsa-with-SHA256 signature types. | |
1201 | * Opaque PRF Input TLS extension support. | |
1202 | * Updated time routines to avoid OS limitations. | |
1203 | ||
4477beac DMSP |
1204 | OpenSSL 0.9.x |
1205 | ------------- | |
1206 | ||
257e9d03 | 1207 | ### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] |
5f8e6c50 DMSP |
1208 | |
1209 | * CFB cipher definition fixes. | |
d8dc8538 | 1210 | * Fix security issues [CVE-2010-0740] and [CVE-2010-0433]. |
5f8e6c50 | 1211 | |
257e9d03 | 1212 | ### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] |
5f8e6c50 DMSP |
1213 | |
1214 | * Cipher definition fixes. | |
1215 | * Workaround for slow RAND_poll() on some WIN32 versions. | |
1216 | * Remove MD2 from algorithm tables. | |
1217 | * SPKAC handling fixes. | |
1218 | * Support for RFC5746 TLS renegotiation extension. | |
1219 | * Compression memory leak fixed. | |
1220 | * Compression session resumption fixed. | |
1221 | * Ticket and SNI coexistence fixes. | |
1222 | * Many fixes to DTLS handling. | |
1223 | ||
257e9d03 | 1224 | ### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] |
5f8e6c50 | 1225 | |
d8dc8538 | 1226 | * Temporary work around for [CVE-2009-3555]: disable renegotiation. |
5f8e6c50 | 1227 | |
257e9d03 | 1228 | ### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] |
5f8e6c50 DMSP |
1229 | |
1230 | * Fix various build issues. | |
d8dc8538 | 1231 | * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789] |
5f8e6c50 | 1232 | |
257e9d03 | 1233 | ### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] |
5f8e6c50 | 1234 | |
d8dc8538 | 1235 | * Fix security issue ([CVE-2008-5077]) |
5f8e6c50 DMSP |
1236 | * Merge FIPS 140-2 branch code. |
1237 | ||
257e9d03 | 1238 | ### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] |
5f8e6c50 DMSP |
1239 | |
1240 | * CryptoAPI ENGINE support. | |
1241 | * Various precautionary measures. | |
1242 | * Fix for bugs affecting certificate request creation. | |
1243 | * Support for local machine keyset attribute in PKCS#12 files. | |
1244 | ||
257e9d03 | 1245 | ### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] |
5f8e6c50 DMSP |
1246 | |
1247 | * Backport of CMS functionality to 0.9.8. | |
1248 | * Fixes for bugs introduced with 0.9.8f. | |
1249 | ||
257e9d03 | 1250 | ### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] |
5f8e6c50 DMSP |
1251 | |
1252 | * Add gcc 4.2 support. | |
1253 | * Add support for AES and SSE2 assembly language optimization | |
1254 | for VC++ build. | |
1255 | * Support for RFC4507bis and server name extensions if explicitly | |
1256 | selected at compile time. | |
1257 | * DTLS improvements. | |
1258 | * RFC4507bis support. | |
1259 | * TLS Extensions support. | |
1260 | ||
257e9d03 | 1261 | ### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] |
5f8e6c50 DMSP |
1262 | |
1263 | * Various ciphersuite selection fixes. | |
1264 | * RFC3779 support. | |
1265 | ||
257e9d03 | 1266 | ### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] |
5f8e6c50 | 1267 | |
d8dc8538 DMSP |
1268 | * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) |
1269 | * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] | |
5f8e6c50 DMSP |
1270 | * Changes to ciphersuite selection algorithm |
1271 | ||
257e9d03 | 1272 | ### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] |
5f8e6c50 | 1273 | |
d8dc8538 | 1274 | * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] |
5f8e6c50 DMSP |
1275 | * New cipher Camellia |
1276 | ||
257e9d03 | 1277 | ### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] |
5f8e6c50 DMSP |
1278 | |
1279 | * Cipher string fixes. | |
1280 | * Fixes for VC++ 2005. | |
1281 | * Updated ECC cipher suite support. | |
1282 | * New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). | |
1283 | * Zlib compression usage fixes. | |
1284 | * Built in dynamic engine compilation support on Win32. | |
1285 | * Fixes auto dynamic engine loading in Win32. | |
1286 | ||
257e9d03 | 1287 | ### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] |
5f8e6c50 | 1288 | |
d8dc8538 | 1289 | * Fix potential SSL 2.0 rollback ([CVE-2005-2969]) |
5f8e6c50 DMSP |
1290 | * Extended Windows CE support |
1291 | ||
257e9d03 | 1292 | ### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] |
5f8e6c50 DMSP |
1293 | |
1294 | * Major work on the BIGNUM library for higher efficiency and to | |
1295 | make operations more streamlined and less contradictory. This | |
1296 | is the result of a major audit of the BIGNUM library. | |
1297 | * Addition of BIGNUM functions for fields GF(2^m) and NIST | |
1298 | curves, to support the Elliptic Crypto functions. | |
1299 | * Major work on Elliptic Crypto; ECDH and ECDSA added, including | |
1300 | the use through EVP, X509 and ENGINE. | |
1301 | * New ASN.1 mini-compiler that's usable through the OpenSSL | |
1302 | configuration file. | |
1303 | * Added support for ASN.1 indefinite length constructed encoding. | |
1304 | * New PKCS#12 'medium level' API to manipulate PKCS#12 files. | |
1305 | * Complete rework of shared library construction and linking | |
1306 | programs with shared or static libraries, through a separate | |
1307 | Makefile.shared. | |
1308 | * Rework of the passing of parameters from one Makefile to another. | |
1309 | * Changed ENGINE framework to load dynamic engine modules | |
1310 | automatically from specifically given directories. | |
1311 | * New structure and ASN.1 functions for CertificatePair. | |
1312 | * Changed the ZLIB compression method to be stateful. | |
1313 | * Changed the key-generation and primality testing "progress" | |
1314 | mechanism to take a structure that contains the ticker | |
1315 | function and an argument. | |
1316 | * New engine module: GMP (performs private key exponentiation). | |
1317 | * New engine module: VIA PadLOck ACE extension in VIA C3 | |
1318 | Nehemiah processors. | |
1319 | * Added support for IPv6 addresses in certificate extensions. | |
1320 | See RFC 1884, section 2.2. | |
1321 | * Added support for certificate policy mappings, policy | |
1322 | constraints and name constraints. | |
1323 | * Added support for multi-valued AVAs in the OpenSSL | |
1324 | configuration file. | |
1325 | * Added support for multiple certificates with the same subject | |
1326 | in the 'openssl ca' index file. | |
1327 | * Make it possible to create self-signed certificates using | |
1328 | 'openssl ca -selfsign'. | |
1329 | * Make it possible to generate a serial number file with | |
1330 | 'openssl ca -create_serial'. | |
1331 | * New binary search functions with extended functionality. | |
1332 | * New BUF functions. | |
1333 | * New STORE structure and library to provide an interface to all | |
1334 | sorts of data repositories. Supports storage of public and | |
1335 | private keys, certificates, CRLs, numbers and arbitrary blobs. | |
1336 | This library is unfortunately unfinished and unused within | |
1337 | OpenSSL. | |
1338 | * New control functions for the error stack. | |
1339 | * Changed the PKCS#7 library to support one-pass S/MIME | |
1340 | processing. | |
1341 | * Added the possibility to compile without old deprecated | |
1342 | functionality with the OPENSSL_NO_DEPRECATED macro or the | |
1343 | 'no-deprecated' argument to the config and Configure scripts. | |
1344 | * Constification of all ASN.1 conversion functions, and other | |
1345 | affected functions. | |
1346 | * Improved platform support for PowerPC. | |
1347 | * New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). | |
1348 | * New X509_VERIFY_PARAM structure to support parameterisation | |
1349 | of X.509 path validation. | |
1350 | * Major overhaul of RC4 performance on Intel P4, IA-64 and | |
1351 | AMD64. | |
1352 | * Changed the Configure script to have some algorithms disabled | |
1353 | by default. Those can be explicitly enabled with the new | |
1354 | argument form 'enable-xxx'. | |
1355 | * Change the default digest in 'openssl' commands from MD5 to | |
1356 | SHA-1. | |
1357 | * Added support for DTLS. | |
1358 | * New BIGNUM blinding. | |
1359 | * Added support for the RSA-PSS encryption scheme | |
1360 | * Added support for the RSA X.931 padding. | |
1361 | * Added support for BSD sockets on NetWare. | |
1362 | * Added support for files larger than 2GB. | |
1363 | * Added initial support for Win64. | |
1364 | * Added alternate pkg-config files. | |
1365 | ||
257e9d03 | 1366 | ### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] |
5f8e6c50 DMSP |
1367 | |
1368 | * FIPS 1.1.1 module linking. | |
1369 | * Various ciphersuite selection fixes. | |
1370 | ||
257e9d03 | 1371 | ### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] |
5f8e6c50 | 1372 | |
d8dc8538 DMSP |
1373 | * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) |
1374 | * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] | |
5f8e6c50 | 1375 | |
257e9d03 | 1376 | ### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] |
5f8e6c50 | 1377 | |
d8dc8538 | 1378 | * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] |
5f8e6c50 | 1379 | |
257e9d03 | 1380 | ### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] |
5f8e6c50 DMSP |
1381 | |
1382 | * Visual C++ 2005 fixes. | |
1383 | * Update Windows build system for FIPS. | |
1384 | ||
257e9d03 | 1385 | ### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] |
5f8e6c50 DMSP |
1386 | |
1387 | * Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. | |
1388 | ||
257e9d03 | 1389 | ### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] |
5f8e6c50 | 1390 | |
d8dc8538 | 1391 | * Fix SSL 2.0 Rollback ([CVE-2005-2969]) |
5f8e6c50 DMSP |
1392 | * Allow use of fixed-length exponent on DSA signing |
1393 | * Default fixed-window RSA, DSA, DH private-key operations | |
1394 | ||
257e9d03 | 1395 | ### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] |
5f8e6c50 DMSP |
1396 | |
1397 | * More compilation issues fixed. | |
1398 | * Adaptation to more modern Kerberos API. | |
1399 | * Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. | |
1400 | * Enhanced x86_64 assembler BIGNUM module. | |
1401 | * More constification. | |
1402 | * Added processing of proxy certificates (RFC 3820). | |
1403 | ||
257e9d03 | 1404 | ### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] |
5f8e6c50 DMSP |
1405 | |
1406 | * Several compilation issues fixed. | |
1407 | * Many memory allocation failure checks added. | |
1408 | * Improved comparison of X509 Name type. | |
1409 | * Mandatory basic checks on certificates. | |
1410 | * Performance improvements. | |
1411 | ||
257e9d03 | 1412 | ### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] |
5f8e6c50 DMSP |
1413 | |
1414 | * Fix race condition in CRL checking code. | |
1415 | * Fixes to PKCS#7 (S/MIME) code. | |
1416 | ||
257e9d03 | 1417 | ### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] |
5f8e6c50 DMSP |
1418 | |
1419 | * Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug | |
1420 | * Security: Fix null-pointer assignment in do_change_cipher_spec() | |
1421 | * Allow multiple active certificates with same subject in CA index | |
1422 | * Multiple X509 verification fixes | |
1423 | * Speed up HMAC and other operations | |
1424 | ||
257e9d03 | 1425 | ### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] |
5f8e6c50 DMSP |
1426 | |
1427 | * Security: fix various ASN1 parsing bugs. | |
1428 | * New -ignore_err option to OCSP utility. | |
1429 | * Various interop and bug fixes in S/MIME code. | |
1430 | * SSL/TLS protocol fix for unrequested client certificates. | |
1431 | ||
257e9d03 | 1432 | ### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] |
5f8e6c50 DMSP |
1433 | |
1434 | * Security: counter the Klima-Pokorny-Rosa extension of | |
1435 | Bleichbacher's attack | |
1436 | * Security: make RSA blinding default. | |
1437 | * Configuration: Irix fixes, AIX fixes, better mingw support. | |
1438 | * Support for new platforms: linux-ia64-ecc. | |
1439 | * Build: shared library support fixes. | |
1440 | * ASN.1: treat domainComponent correctly. | |
1441 | * Documentation: fixes and additions. | |
1442 | ||
257e9d03 | 1443 | ### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] |
5f8e6c50 DMSP |
1444 | |
1445 | * Security: Important security related bugfixes. | |
1446 | * Enhanced compatibility with MIT Kerberos. | |
1447 | * Can be built without the ENGINE framework. | |
1448 | * IA32 assembler enhancements. | |
1449 | * Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. | |
1450 | * Configuration: the no-err option now works properly. | |
1451 | * SSL/TLS: now handles manual certificate chain building. | |
1452 | * SSL/TLS: certain session ID malfunctions corrected. | |
1453 | ||
257e9d03 | 1454 | ### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] |
5f8e6c50 DMSP |
1455 | |
1456 | * New library section OCSP. | |
1457 | * Complete rewrite of ASN1 code. | |
1458 | * CRL checking in verify code and openssl utility. | |
1459 | * Extension copying in 'ca' utility. | |
1460 | * Flexible display options in 'ca' utility. | |
1461 | * Provisional support for international characters with UTF8. | |
1462 | * Support for external crypto devices ('engine') is no longer | |
1463 | a separate distribution. | |
1464 | * New elliptic curve library section. | |
1465 | * New AES (Rijndael) library section. | |
1466 | * Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, | |
1467 | Linux x86_64, Linux 64-bit on Sparc v9 | |
1468 | * Extended support for some platforms: VxWorks | |
1469 | * Enhanced support for shared libraries. | |
1470 | * Now only builds PIC code when shared library support is requested. | |
1471 | * Support for pkg-config. | |
1472 | * Lots of new manuals. | |
1473 | * Makes symbolic links to or copies of manuals to cover all described | |
1474 | functions. | |
1475 | * Change DES API to clean up the namespace (some applications link also | |
1476 | against libdes providing similar functions having the same name). | |
1477 | Provide macros for backward compatibility (will be removed in the | |
1478 | future). | |
1479 | * Unify handling of cryptographic algorithms (software and engine) | |
1480 | to be available via EVP routines for asymmetric and symmetric ciphers. | |
1481 | * NCONF: new configuration handling routines. | |
1482 | * Change API to use more 'const' modifiers to improve error checking | |
1483 | and help optimizers. | |
1484 | * Finally remove references to RSAref. | |
1485 | * Reworked parts of the BIGNUM code. | |
1486 | * Support for new engines: Broadcom ubsec, Accelerated Encryption | |
1487 | Processing, IBM 4758. | |
1488 | * A few new engines added in the demos area. | |
1489 | * Extended and corrected OID (object identifier) table. | |
1490 | * PRNG: query at more locations for a random device, automatic query for | |
1491 | EGD style random sources at several locations. | |
1492 | * SSL/TLS: allow optional cipher choice according to server's preference. | |
1493 | * SSL/TLS: allow server to explicitly set new session ids. | |
1494 | * SSL/TLS: support Kerberos cipher suites (RFC2712). | |
1495 | Only supports MIT Kerberos for now. | |
1496 | * SSL/TLS: allow more precise control of renegotiations and sessions. | |
1497 | * SSL/TLS: add callback to retrieve SSL/TLS messages. | |
1498 | * SSL/TLS: support AES cipher suites (RFC3268). | |
1499 | ||
257e9d03 | 1500 | ### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] |
5f8e6c50 DMSP |
1501 | |
1502 | * Security: fix various ASN1 parsing bugs. | |
1503 | * SSL/TLS protocol fix for unrequested client certificates. | |
1504 | ||
257e9d03 | 1505 | ### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] |
5f8e6c50 DMSP |
1506 | |
1507 | * Security: counter the Klima-Pokorny-Rosa extension of | |
1508 | Bleichbacher's attack | |
1509 | * Security: make RSA blinding default. | |
1510 | * Build: shared library support fixes. | |
1511 | ||
257e9d03 | 1512 | ### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] |
5f8e6c50 DMSP |
1513 | |
1514 | * Important security related bugfixes. | |
1515 | ||
257e9d03 | 1516 | ### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] |
5f8e6c50 DMSP |
1517 | |
1518 | * New configuration targets for Tandem OSS and A/UX. | |
1519 | * New OIDs for Microsoft attributes. | |
1520 | * Better handling of SSL session caching. | |
1521 | * Better comparison of distinguished names. | |
1522 | * Better handling of shared libraries in a mixed GNU/non-GNU environment. | |
1523 | * Support assembler code with Borland C. | |
1524 | * Fixes for length problems. | |
1525 | * Fixes for uninitialised variables. | |
1526 | * Fixes for memory leaks, some unusual crashes and some race conditions. | |
1527 | * Fixes for smaller building problems. | |
1528 | * Updates of manuals, FAQ and other instructive documents. | |
1529 | ||
257e9d03 | 1530 | ### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] |
5f8e6c50 DMSP |
1531 | |
1532 | * Important building fixes on Unix. | |
1533 | ||
257e9d03 | 1534 | ### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] |
5f8e6c50 DMSP |
1535 | |
1536 | * Various important bugfixes. | |
1537 | ||
257e9d03 | 1538 | ### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] |
5f8e6c50 DMSP |
1539 | |
1540 | * Important security related bugfixes. | |
1541 | * Various SSL/TLS library bugfixes. | |
1542 | ||
257e9d03 | 1543 | ### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] |
5f8e6c50 DMSP |
1544 | |
1545 | * Various SSL/TLS library bugfixes. | |
1546 | * Fix DH parameter generation for 'non-standard' generators. | |
1547 | ||
257e9d03 | 1548 | ### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] |
5f8e6c50 DMSP |
1549 | |
1550 | * Various SSL/TLS library bugfixes. | |
1551 | * BIGNUM library fixes. | |
1552 | * RSA OAEP and random number generation fixes. | |
1553 | * Object identifiers corrected and added. | |
1554 | * Add assembler BN routines for IA64. | |
1555 | * Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, | |
1556 | MIPS Linux; shared library support for Irix, HP-UX. | |
1557 | * Add crypto accelerator support for AEP, Baltimore SureWare, | |
1558 | Broadcom and Cryptographic Appliance's keyserver | |
1559 | [in 0.9.6c-engine release]. | |
1560 | ||
257e9d03 | 1561 | ### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] |
5f8e6c50 DMSP |
1562 | |
1563 | * Security fix: PRNG improvements. | |
1564 | * Security fix: RSA OAEP check. | |
1565 | * Security fix: Reinsert and fix countermeasure to Bleichbacher's | |
1566 | attack. | |
1567 | * MIPS bug fix in BIGNUM. | |
1568 | * Bug fix in "openssl enc". | |
1569 | * Bug fix in X.509 printing routine. | |
1570 | * Bug fix in DSA verification routine and DSA S/MIME verification. | |
1571 | * Bug fix to make PRNG thread-safe. | |
1572 | * Bug fix in RAND_file_name(). | |
1573 | * Bug fix in compatibility mode trust settings. | |
1574 | * Bug fix in blowfish EVP. | |
1575 | * Increase default size for BIO buffering filter. | |
1576 | * Compatibility fixes in some scripts. | |
1577 | ||
257e9d03 | 1578 | ### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] |
5f8e6c50 DMSP |
1579 | |
1580 | * Security fix: change behavior of OpenSSL to avoid using | |
1581 | environment variables when running as root. | |
1582 | * Security fix: check the result of RSA-CRT to reduce the | |
1583 | possibility of deducing the private key from an incorrectly | |
1584 | calculated signature. | |
1585 | * Security fix: prevent Bleichenbacher's DSA attack. | |
1586 | * Security fix: Zero the premaster secret after deriving the | |
1587 | master secret in DH ciphersuites. | |
1588 | * Reimplement SSL_peek(), which had various problems. | |
1589 | * Compatibility fix: the function des_encrypt() renamed to | |
1590 | des_encrypt1() to avoid clashes with some Unixen libc. | |
1591 | * Bug fixes for Win32, HP/UX and Irix. | |
1592 | * Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and | |
1593 | memory checking routines. | |
1594 | * Bug fixes for RSA operations in threaded environments. | |
1595 | * Bug fixes in misc. openssl applications. | |
1596 | * Remove a few potential memory leaks. | |
1597 | * Add tighter checks of BIGNUM routines. | |
1598 | * Shared library support has been reworked for generality. | |
1599 | * More documentation. | |
1600 | * New function BN_rand_range(). | |
1601 | * Add "-rand" option to openssl s_client and s_server. | |
1602 | ||
257e9d03 | 1603 | ### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] |
5f8e6c50 DMSP |
1604 | |
1605 | * Some documentation for BIO and SSL libraries. | |
1606 | * Enhanced chain verification using key identifiers. | |
1607 | * New sign and verify options to 'dgst' application. | |
1608 | * Support for DER and PEM encoded messages in 'smime' application. | |
8c1cbc72 | 1609 | * New 'rsautl' application, low-level RSA utility. |
5f8e6c50 DMSP |
1610 | * MD4 now included. |
1611 | * Bugfix for SSL rollback padding check. | |
1612 | * Support for external crypto devices [1]. | |
1613 | * Enhanced EVP interface. | |
1614 | ||
1615 | [1] The support for external crypto devices is currently a separate | |
036cbb6b | 1616 | distribution. See the file README-Engine.md. |
5f8e6c50 | 1617 | |
257e9d03 | 1618 | ### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] |
5f8e6c50 DMSP |
1619 | |
1620 | * Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 | |
1621 | * Shared library support for HPUX and Solaris-gcc | |
1622 | * Support of Linux/IA64 | |
1623 | * Assembler support for Mingw32 | |
1624 | * New 'rand' application | |
1625 | * New way to check for existence of algorithms from scripts | |
1626 | ||
257e9d03 | 1627 | ### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] |
5f8e6c50 DMSP |
1628 | |
1629 | * S/MIME support in new 'smime' command | |
1630 | * Documentation for the OpenSSL command line application | |
1631 | * Automation of 'req' application | |
1632 | * Fixes to make s_client, s_server work under Windows | |
1633 | * Support for multiple fieldnames in SPKACs | |
1634 | * New SPKAC command line utility and associated library functions | |
1635 | * Options to allow passwords to be obtained from various sources | |
1636 | * New public key PEM format and options to handle it | |
1637 | * Many other fixes and enhancements to command line utilities | |
1638 | * Usable certificate chain verification | |
1639 | * Certificate purpose checking | |
1640 | * Certificate trust settings | |
1641 | * Support of authority information access extension | |
1642 | * Extensions in certificate requests | |
1643 | * Simplified X509 name and attribute routines | |
1644 | * Initial (incomplete) support for international character sets | |
1645 | * New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD | |
1646 | * Read only memory BIOs and simplified creation function | |
1647 | * TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 | |
1648 | record; allow fragmentation and interleaving of handshake and other | |
1649 | data | |
1650 | * TLS/SSL code now "tolerates" MS SGC | |
1651 | * Work around for Netscape client certificate hang bug | |
1652 | * RSA_NULL option that removes RSA patent code but keeps other | |
1653 | RSA functionality | |
1654 | * Memory leak detection now allows applications to add extra information | |
1655 | via a per-thread stack | |
1656 | * PRNG robustness improved | |
1657 | * EGD support | |
1658 | * BIGNUM library bug fixes | |
1659 | * Faster DSA parameter generation | |
1660 | * Enhanced support for Alpha Linux | |
8c1cbc72 | 1661 | * Experimental macOS support |
5f8e6c50 | 1662 | |
257e9d03 | 1663 | ### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] |
5f8e6c50 DMSP |
1664 | |
1665 | * Transparent support for PKCS#8 format private keys: these are used | |
1666 | by several software packages and are more secure than the standard | |
1667 | form | |
1668 | * PKCS#5 v2.0 implementation | |
1669 | * Password callbacks have a new void * argument for application data | |
1670 | * Avoid various memory leaks | |
1671 | * New pipe-like BIO that allows using the SSL library when actual I/O | |
1672 | must be handled by the application (BIO pair) | |
1673 | ||
257e9d03 | 1674 | ### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] |
4477beac | 1675 | |
5f8e6c50 DMSP |
1676 | * Lots of enhancements and cleanups to the Configuration mechanism |
1677 | * RSA OEAP related fixes | |
4477beac | 1678 | * Added "openssl ca -revoke" option for revoking a certificate |
5f8e6c50 DMSP |
1679 | * Source cleanups: const correctness, type-safe stacks and ASN.1 SETs |
1680 | * Source tree cleanups: removed lots of obsolete files | |
1681 | * Thawte SXNet, certificate policies and CRL distribution points | |
4477beac | 1682 | extension support |
5f8e6c50 DMSP |
1683 | * Preliminary (experimental) S/MIME support |
1684 | * Support for ASN.1 UTF8String and VisibleString | |
1685 | * Full integration of PKCS#12 code | |
1686 | * Sparc assembler bignum implementation, optimized hash functions | |
1687 | * Option to disable selected ciphers | |
8e8a8a5f | 1688 | |
257e9d03 | 1689 | ### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] |
4477beac | 1690 | |
5f8e6c50 DMSP |
1691 | * Fixed a security hole related to session resumption |
1692 | * Fixed RSA encryption routines for the p < q case | |
1693 | * "ALL" in cipher lists now means "everything except NULL ciphers" | |
1694 | * Support for Triple-DES CBCM cipher | |
1695 | * Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA | |
1696 | * First support for new TLSv1 ciphers | |
1697 | * Added a few new BIOs (syslog BIO, reliable BIO) | |
1698 | * Extended support for DSA certificate/keys. | |
1699 | * Extended support for Certificate Signing Requests (CSR) | |
1700 | * Initial support for X.509v3 extensions | |
1701 | * Extended support for compression inside the SSL record layer | |
1702 | * Overhauled Win32 builds | |
1703 | * Cleanups and fixes to the Big Number (BN) library | |
1704 | * Support for ASN.1 GeneralizedTime | |
eb4129e1 | 1705 | * Split ASN.1 SETs from SEQUENCEs |
5f8e6c50 DMSP |
1706 | * ASN1 and PEM support for Netscape Certificate Sequences |
1707 | * Overhauled Perl interface | |
1708 | * Lots of source tree cleanups. | |
1709 | * Lots of memory leak fixes. | |
1710 | * Lots of bug fixes. | |
3b52c2e7 | 1711 | |
257e9d03 | 1712 | ### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] |
4477beac | 1713 | |
5f8e6c50 DMSP |
1714 | * Integration of the popular NO_RSA/NO_DSA patches |
1715 | * Initial support for compression inside the SSL record layer | |
1716 | * Added BIO proxy and filtering functionality | |
1717 | * Extended Big Number (BN) library | |
1718 | * Added RIPE MD160 message digest | |
1719 | * Added support for RC2/64bit cipher | |
1720 | * Extended ASN.1 parser routines | |
1721 | * Adjustments of the source tree for CVS | |
1722 | * Support for various new platforms | |
4477beac | 1723 | |
4477beac | 1724 | <!-- Links --> |
d63b3e79 | 1725 | |
03c4b0ea | 1726 | [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 |
0873e6f6 | 1727 | [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 |
38b2508f | 1728 | [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 |
858c7bc2 | 1729 | [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 |
4d4657cb | 1730 | [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 |
1e6e682a | 1731 | [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 |
0be7510f | 1732 | [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 |
4b297628 | 1733 | [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 |
4ec53ad6 | 1734 | [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 |
1e398bec | 1735 | [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 |
d63b3e79 | 1736 | [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 |
72dfe465 | 1737 | [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |
5ab3f71a | 1738 | [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 |
986f9a67 MC |
1739 | [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 |
1740 | [CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 | |
5f14b5bc TM |
1741 | [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 |
1742 | [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 | |
1743 | [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 | |
1744 | [CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 | |
1745 | [CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 | |
1746 | [CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 | |
1747 | [CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 | |
1748 | [CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 | |
1749 | [CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 | |
1750 | [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | |
1472127d | 1751 | [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 |
1e13198f | 1752 | [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 |
6ffc3127 | 1753 | [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 |
4477beac DMSP |
1754 | [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 |
1755 | [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 | |
1756 | [CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 | |
8658fedd | 1757 | [CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 |
4477beac DMSP |
1758 | [CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 |
1759 | [CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 | |
1760 | [CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 | |
1761 | [CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 | |
1762 | [CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 | |
1763 | [CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 | |
1764 | [CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 | |
1765 | [CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 | |
1766 | [CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 | |
1767 | [CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 | |
1768 | [CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 | |
1769 | [CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 | |
1770 | [CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 | |
1771 | [CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 | |
1772 | [CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 | |
1773 | [CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 | |
1774 | [CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 | |
1775 | [CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 | |
1776 | [CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 | |
1777 | [CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 | |
1778 | [CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 | |
1779 | [CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 | |
1780 | [CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 | |
1781 | [CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 | |
1782 | [CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 | |
1783 | [CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 | |
1784 | [CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 | |
1785 | [CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 | |
1786 | [CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 | |
1787 | [CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 | |
1788 | [CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 | |
1789 | [CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 | |
1790 | [CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 | |
1791 | [CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 | |
1792 | [CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 | |
1793 | [CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 | |
1794 | [CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 | |
1795 | [CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 | |
1796 | [CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 | |
1797 | [CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 | |
1798 | [CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 | |
1799 | [CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 | |
1800 | [CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 | |
1801 | [CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 | |
1802 | [CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 | |
1803 | [CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 | |
1804 | [CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 | |
1805 | [CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 | |
1806 | [CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 | |
1807 | [CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 | |
1808 | [CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 | |
1809 | [CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 | |
1810 | [CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 | |
1811 | [CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 | |
1812 | [CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 | |
1813 | [CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 | |
1814 | [CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 | |
1815 | [CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 | |
1816 | [CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 | |
1817 | [CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 | |
1818 | [CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 | |
1819 | [CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 | |
1820 | [CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 | |
1821 | [CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 | |
1822 | [CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 | |
1823 | [CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 | |
1824 | [CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 | |
1825 | [CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 | |
1826 | [CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 | |
1827 | [CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 | |
1828 | [CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 | |
1829 | [CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 | |
1830 | [CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 | |
1831 | [CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 | |
1832 | [CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 | |
1833 | [CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 | |
1834 | [CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 | |
1835 | [CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 | |
1836 | [CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 | |
1837 | [CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 | |
1838 | [CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 | |
1839 | [CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 | |
1840 | [CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 | |
1841 | [CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 | |
1842 | [CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 | |
1843 | [CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 | |
1844 | [CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 | |
1845 | [CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 | |
1846 | [CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 | |
1847 | [CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 | |
1848 | [CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 | |
1849 | [CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 | |
1850 | [CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 | |
1851 | [CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 | |
1852 | [CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 | |
1853 | [CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 | |
1854 | [CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198 | |
1855 | [CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 | |
1856 | [CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 | |
1857 | [CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 | |
1858 | [CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 | |
1859 | [CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449 | |
1860 | [CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 | |
1861 | [CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 | |
1862 | [CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 | |
1863 | [CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 | |
1864 | [CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 | |
1865 | [CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 | |
1866 | [CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 | |
1867 | [CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 | |
1868 | [CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 | |
1869 | [CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 | |
1870 | [CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 | |
1871 | [CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 | |
1872 | [CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 | |
1873 | [CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 | |
1874 | [CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 | |
1875 | [CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 | |
1876 | [CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298 | |
1877 | [CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 | |
1878 | [CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 | |
1879 | [CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 | |
1880 | [CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939 | |
1881 | [CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 | |
1882 | [CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 | |
1883 | [CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 | |
1884 | [CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 | |
1885 | [CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 | |
1886 | [CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 | |
1887 | [CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 | |
1888 | [CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 | |
1889 | [CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 | |
1890 | [CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 | |
1891 | [CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737 | |
1892 | [CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 | |
1893 | [CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 | |
1894 | [CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 | |
36eb3cfb HL |
1895 | [OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html |
1896 | [CHANGES.md]: ./CHANGES.md | |
1897 | [README-QUIC.md]: ./README-QUIC.md | |
1898 | [issue tracker]: https://github.com/openssl/openssl/issues |