NEWS revision 68651
155714Skris 255714Skris NEWS 355714Skris ==== 455714Skris 555714Skris This file gives a brief overview of the major changes between each OpenSSL 655714Skris release. For more details please read the CHANGES file. 755714Skris 868651Skris Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: 968651Skris 1068651Skris o Some documentation for BIO and SSL libraries. 1168651Skris o Enhanced chain verification using key identifiers. 1268651Skris o New sign and verify options to 'dgst' application. 1368651Skris o Support for DER and PEM encoded messages in 'smime' application. 1468651Skris o New 'rsautl' application, low level RSA utility. 1568651Skris o MD4 now included. 1668651Skris o Bugfix for SSL rollback padding check. 1768651Skris o Support for external crypto devices [1]. 1868651Skris o Enhanced EVP interface. 1968651Skris 2068651Skris [1] The support for external crypto devices is currently a separate 2168651Skris distribution. See the file README.ENGINE. 2268651Skris 2359191Skris Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: 2459191Skris 2559191Skris o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 2659191Skris o Shared library support for HPUX and Solaris-gcc 2759191Skris o Support of Linux/IA64 2859191Skris o Assembler support for Mingw32 2959191Skris o New 'rand' application 3059191Skris o New way to check for existence of algorithms from scripts 3159191Skris 3259191Skris Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: 3359191Skris 3459191Skris o S/MIME support in new 'smime' command 3559191Skris o Documentation for the OpenSSL command line application 3659191Skris o Automation of 'req' application 3759191Skris o Fixes to make s_client, s_server work under Windows 3859191Skris o Support for multiple fieldnames in SPKACs 3959191Skris o New SPKAC command line utilty and associated library functions 4059191Skris o Options to allow passwords to be obtained from various sources 4159191Skris o New public key PEM format and options to handle it 4259191Skris o Many other fixes and enhancements to command line utilities 4359191Skris o Usable certificate chain verification 4459191Skris o Certificate purpose checking 4559191Skris o Certificate trust settings 4659191Skris o Support of authority information access extension 4759191Skris o Extensions in certificate requests 4859191Skris o Simplified X509 name and attribute routines 4959191Skris o Initial (incomplete) support for international character sets 5059191Skris o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD 5159191Skris o Read only memory BIOs and simplified creation function 5259191Skris o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 5359191Skris record; allow fragmentation and interleaving of handshake and other 5459191Skris data 5559191Skris o TLS/SSL code now "tolerates" MS SGC 5659191Skris o Work around for Netscape client certificate hang bug 5759191Skris o RSA_NULL option that removes RSA patent code but keeps other 5859191Skris RSA functionality 5959191Skris o Memory leak detection now allows applications to add extra information 6059191Skris via a per-thread stack 6159191Skris o PRNG robustness improved 6259191Skris o EGD support 6359191Skris o BIGNUM library bug fixes 6459191Skris o Faster DSA parameter generation 6559191Skris o Enhanced support for Alpha Linux 6659191Skris o Experimental MacOS support 6759191Skris 6855714Skris Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: 6955714Skris 7055714Skris o Transparent support for PKCS#8 format private keys: these are used 7155714Skris by several software packages and are more secure than the standard 7255714Skris form 7355714Skris o PKCS#5 v2.0 implementation 7455714Skris o Password callbacks have a new void * argument for application data 7555714Skris o Avoid various memory leaks 7655714Skris o New pipe-like BIO that allows using the SSL library when actual I/O 7755714Skris must be handled by the application (BIO pair) 7855714Skris 7955714Skris Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: 8055714Skris o Lots of enhancements and cleanups to the Configuration mechanism 8155714Skris o RSA OEAP related fixes 8255714Skris o Added `openssl ca -revoke' option for revoking a certificate 8355714Skris o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs 8455714Skris o Source tree cleanups: removed lots of obsolete files 8555714Skris o Thawte SXNet, certificate policies and CRL distribution points 8655714Skris extension support 8755714Skris o Preliminary (experimental) S/MIME support 8855714Skris o Support for ASN.1 UTF8String and VisibleString 8955714Skris o Full integration of PKCS#12 code 9055714Skris o Sparc assembler bignum implementation, optimized hash functions 9155714Skris o Option to disable selected ciphers 9255714Skris 9355714Skris Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: 9455714Skris o Fixed a security hole related to session resumption 9555714Skris o Fixed RSA encryption routines for the p < q case 9655714Skris o "ALL" in cipher lists now means "everything except NULL ciphers" 9755714Skris o Support for Triple-DES CBCM cipher 9855714Skris o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA 9955714Skris o First support for new TLSv1 ciphers 10055714Skris o Added a few new BIOs (syslog BIO, reliable BIO) 10155714Skris o Extended support for DSA certificate/keys. 10255714Skris o Extended support for Certificate Signing Requests (CSR) 10355714Skris o Initial support for X.509v3 extensions 10455714Skris o Extended support for compression inside the SSL record layer 10555714Skris o Overhauled Win32 builds 10655714Skris o Cleanups and fixes to the Big Number (BN) library 10755714Skris o Support for ASN.1 GeneralizedTime 10855714Skris o Splitted ASN.1 SETs from SEQUENCEs 10955714Skris o ASN1 and PEM support for Netscape Certificate Sequences 11055714Skris o Overhauled Perl interface 11155714Skris o Lots of source tree cleanups. 11255714Skris o Lots of memory leak fixes. 11355714Skris o Lots of bug fixes. 11455714Skris 11555714Skris Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: 11655714Skris o Integration of the popular NO_RSA/NO_DSA patches 11755714Skris o Initial support for compression inside the SSL record layer 11855714Skris o Added BIO proxy and filtering functionality 11955714Skris o Extended Big Number (BN) library 12055714Skris o Added RIPE MD160 message digest 12155714Skris o Addeed support for RC2/64bit cipher 12255714Skris o Extended ASN.1 parser routines 12355714Skris o Adjustations of the source tree for CVS 12455714Skris o Support for various new platforms 12555714Skris 126