More updates to CHANGES and NEWS for the 1.1.1 release

Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7167)
2018-09-10 14:44:04 +01:00 · 2018-09-10 14:44:04 +01:00 · 6ccfc8fa31
commit 6ccfc8fa31
parent 3f8b623aaa
2 changed files with 24 additions and 2 deletions
--- a/8
+++ b/8
@ -9,6 +9,14 @@

 Changes between 1.1.0i and 1.1.1 [xx XXX xxxx]

+  *) Add a new ClientHello callback. Provides a callback interface that gives
+     the application the ability to adjust the nascent SSL object at the
+     earliest stage of ClientHello processing, immediately after extensions have
+     been collected but before they have been processed. In particular, this
+     callback can adjust the supported TLS versions in response to the contents
+     of the ClientHello
+     [Benjamin Kaduk]
+
  *) Add SM2 base algorithm support.
     [Jack Lloyd]

--- a/18
+++ b/18
@ -7,7 +7,19 @@

  Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]

-      o Support for TLSv1.3 added
+      o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
+        for further important information). The TLSv1.3 implementation includes:
+          o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+          o Early data (0-RTT)
+          o Post-handshake authentication and key update
+          o Middlebox Compatibility Mode
+          o TLSv1.3 PSKs
+          o Support for all five RFC8446 ciphersuites
+          o RSA-PSS signature algorithms (backported to TLSv1.2)
+          o Configurable session ticket support
+          o Stateless server support
+          o Rewrite of the packet construction code for "safer" packet handling
+          o Rewrite of the extension handling code
      o Complete rewrite of the OpenSSL random number generator to introduce the
        following capabilities
          o The default RAND method now utilizes an AES-CTR DRBG according to
@ -21,7 +33,7 @@
      o Support for various new cryptographic algorithms including:
          o SHA3
          o SHA512/224 and SHA512/256
-          o EdDSA (including Ed25519 and Ed448)
+          o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
          o X448 (adding to the existing X25519 support in 1.1.0)
          o Multi-prime RSA
          o SM2
@ -30,6 +42,8 @@
          o SipHash
          o ARIA (including TLS support)
      o Significant Side-Channel attack security improvements
+      o Add a new ClientHello callback to provide the ability to adjust the SSL
+        object at an early stage.
      o Add 'Maximum Fragment Length' TLS extension negotiation and support
      o A new STORE module, which implements a uniform and URI based reader of
        stores that can contain keys, certificates, CRLs and numerous other