### Changes between 3.4 and 3.5 [xx XXX xxxx]
-* Added a `no-tls-deprecated-ec-groups` configuration option.
+ * Added a `no-tls-deprecated-ec` configuration option.
- The `no-tls-deprecated-ec-groups` option disables support for TLS elliptic
- curve groups deprecated in RFC8422 at compile time. This does not affect use
- of the associated curves outside TLS. By default support for these groups is
- compiled in, but, as before, they are not included in the default run-time
- list of supported groups.
+ The `no-tls-deprecated-ec` option disables support for TLS elliptic curve
+ groups deprecated in RFC8422 at compile time. This does not affect use of
+ the associated curves outside TLS. By default support for these groups is
+ compiled in, but, as before, they are not included in the default run-time
+ list of supported groups.
- With the `enable-tls-deprecated-ec` option these TLS groups remain enabled at
- compile time even if the default configuration is changed, provided the
- underlying EC curves remain implemented.
+ With the `enable-tls-deprecated-ec` option these TLS groups remain enabled at
+ compile time even if the default configuration is changed, provided the
+ underlying EC curves remain implemented.
- *Viktor Dukhovni*
+ *Viktor Dukhovni*
-* Added new API to enable 0-RTT for 3rd party QUIC stacks.
+ * Added new API to enable 0-RTT for 3rd party QUIC stacks.
- *Cheng Zhang*
+ *Cheng Zhang*
-* Added support for a new callback registration `SSL_CTX_set_new_pending_conn_cb`,
- which allows for application notification of new connection SSL object
- creation, which occurs independently of calls to `SSL_accept_connection()`.
- Note: QUIC objects passed through SSL callbacks should not have their state
- mutated via calls back into the SSL api until such time as they have been
- received via a call to `SSL_accept_connection()`.
+ * Added support for a new callback registration `SSL_CTX_set_new_pending_conn_cb`,
+ which allows for application notification of new connection SSL object
+ creation, which occurs independently of calls to `SSL_accept_connection()`.
+ Note: QUIC objects passed through SSL callbacks should not have their state
+ mutated via calls back into the SSL api until such time as they have been
+ received via a call to `SSL_accept_connection()`.
- *Neil Horman*
+ *Neil Horman*
-* Add SLH-DSA as specified in FIPS 205.
+ * Add SLH-DSA as specified in FIPS 205.
- *Shane Lontis and Dr Paul Dale*
+ *Shane Lontis and Dr Paul Dale*
-* ML-KEM as specified in FIPS 203.
+ * ML-KEM as specified in FIPS 203.
- Based on the original implementation in BoringSSL, ported from C++ to C,
- refactored, and integrated into the OpenSSL default and FIPS providers.
- Including also the X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024
- TLS hybrid key post-quantum/classical key agreement schemes.
+ Based on the original implementation in BoringSSL, ported from C++ to C,
+ refactored, and integrated into the OpenSSL default and FIPS providers.
+ Including also the X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024
+ TLS hybrid key post-quantum/classical key agreement schemes.
- *Michael Baentsch, Viktor Dukhovni, Shane Lontis and Paul Dale*
+ *Michael Baentsch, Viktor Dukhovni, Shane Lontis and Paul Dale*
-* Add ML-DSA as specified in FIPS 204.
+ * Add ML-DSA as specified in FIPS 204.
- The base code was derived from BoringSSL C++ code.
+ The base code was derived from BoringSSL C++ code.
- *Shane Lontis, Viktor Dukhovni and Paul Dale*
+ *Shane Lontis, Viktor Dukhovni and Paul Dale*
* Added new API calls to enable 3rd party QUIC stacks to use the OpenSSL TLS
implementation.
projects / thirdparty / openssl.git / commitdiff
