wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

More updates to CHANGES and NEWS for the 1.1.1 release

Browse source 
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)
This commit is contained in:
Matt Caswell 2018-09-10 14:44:04 +01:00
parent 3f8b623aaa
commit 6ccfc8fa31
2 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CHANGES
View file

@ -9,6 +9,14 @@
Changes between 1.1.0i and 1.1.1 [xx XXX xxxx] Changes between 1.1.0i and 1.1.1 [xx XXX xxxx]
*) Add a new ClientHello callback. Provides a callback interface that gives
the application the ability to adjust the nascent SSL object at the
earliest stage of ClientHello processing, immediately after extensions have
been collected but before they have been processed. In particular, this
callback can adjust the supported TLS versions in response to the contents
of the ClientHello
[Benjamin Kaduk]
*) Add SM2 base algorithm support. *) Add SM2 base algorithm support.
[Jack Lloyd] [Jack Lloyd]

18
NEWS
View file

@ -7,7 +7,19 @@
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]
o Support for TLSv1.3 added o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
for further important information). The TLSv1.3 implementation includes:
o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
o Early data (0-RTT)
o Post-handshake authentication and key update
o Middlebox Compatibility Mode
o TLSv1.3 PSKs
o Support for all five RFC8446 ciphersuites
o RSA-PSS signature algorithms (backported to TLSv1.2)
o Configurable session ticket support
o Stateless server support
o Rewrite of the packet construction code for "safer" packet handling
o Rewrite of the extension handling code
o Complete rewrite of the OpenSSL random number generator to introduce the o Complete rewrite of the OpenSSL random number generator to introduce the
following capabilities following capabilities
o The default RAND method now utilizes an AES-CTR DRBG according to o The default RAND method now utilizes an AES-CTR DRBG according to
@ -21,7 +33,7 @@
o Support for various new cryptographic algorithms including: o Support for various new cryptographic algorithms including:
o SHA3 o SHA3
o SHA512/224 and SHA512/256 o SHA512/224 and SHA512/256
o EdDSA (including Ed25519 and Ed448) o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
o X448 (adding to the existing X25519 support in 1.1.0) o X448 (adding to the existing X25519 support in 1.1.0)
o Multi-prime RSA o Multi-prime RSA
o SM2 o SM2
@ -30,6 +42,8 @@
o SipHash o SipHash
o ARIA (including TLS support) o ARIA (including TLS support)
o Significant Side-Channel attack security improvements o Significant Side-Channel attack security improvements
o Add a new ClientHello callback to provide the ability to adjust the SSL
object at an early stage.
o Add 'Maximum Fragment Length' TLS extension negotiation and support o Add 'Maximum Fragment Length' TLS extension negotiation and support
o A new STORE module, which implements a uniform and URI based reader of o A new STORE module, which implements a uniform and URI based reader of
stores that can contain keys, certificates, CRLs and numerous other stores that can contain keys, certificates, CRLs and numerous other