aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@openbsd.org>2020-10-07 16:54:18 +0200
committerBrent Cook <busterb@gmail.com>2020-10-17 03:15:28 -0500
commit4de6e2988370865e447f3d3e826ffc7aee96056b (patch)
tree709f896061cc98516ca29a80074777a56a2219d3
parent2200d29ad01d8df226adcb8938575dfbd2c2bd10 (diff)
downloadportable-4de6e2988370865e447f3d3e826ffc7aee96056b.tar.gz
portable-4de6e2988370865e447f3d3e826ffc7aee96056b.tar.bz2
portable-4de6e2988370865e447f3d3e826ffc7aee96056b.zip
Mention TLSv1.3 server up front, then validator. Other minor
tweaks.
Diffstat
-rw-r--r--ChangeLog32
1 files changed, 19 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 3d7fda2..936ffa4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,18 +30,11 @@ LibreSSL Portable Release Notes:
30 30
313.2.2 - Stable release 313.2.2 - Stable release
32 32
33 * Improve the handling of BIO_read()/BIO_write() failures in the 33 * This is the first stable release with the new TLSv1.3 implementation
34 TLSv1.3 stack. 34 enabled for both server and client. The OpenSSL TLSv1.3 API is not
35 yet available and will be provided in an upcoming release.
35 36
36 * Prepare to provide most of the TLSv1.3-related OpenSSL 1.1.1 API. 37 * This release also adds a new X509 certificate chain validator
37 This will be finished in an upcoming release.
38
39 * Implement SSL_{CTX_,}set_ciphersuites() and add regress. This is not
40 yet public API and will be enabled in a future release.
41
42 * Start replacing the existing TLSv1.2 record layer.
43
44 * Add a new X509 certificate chain validator.
45 38
46 The new validator finds multiple validated chains to handle the 39 The new validator finds multiple validated chains to handle the
47 modern PKI cases which may frequently have multiple paths via 40 modern PKI cases which may frequently have multiple paths via
@@ -53,7 +46,18 @@ LibreSSL Portable Release Notes:
53 return multiple chains (similar to go). 46 return multiple chains (similar to go).
54 47
55 The new public API is not yet exposed, and will be finalized and 48 The new public API is not yet exposed, and will be finalized and
56 exposed with a man page and a library minor bump later. 49 enabled later.
50
51 * Improve the handling of BIO_read()/BIO_write() failures in the
52 TLSv1.3 stack.
53
54 * Prepare to provide most of the TLSv1.3-related OpenSSL 1.1.1 API.
55 This will be finished in an upcoming release.
56
57 * Implement SSL_{CTX_,}set_ciphersuites() and add regress. This is not
58 yet public API and will be enabled in a future release.
59
60 * Start replacing the existing TLSv1.2 record layer.
57 61
58 * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. 62 * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h.
59 63
@@ -70,7 +74,7 @@ LibreSSL Portable Release Notes:
70 74
71 * Avoid an out-of-bounds write in BN_rand(). 75 * Avoid an out-of-bounds write in BN_rand().
72 76
73 * Fix numerous leaks in the UI_dup_* functions and simplify and tidy up 77 * Fix numerous leaks in the UI_dup_* functions. Simplify and tidy up
74 the code in ui_lib.c. 78 the code in ui_lib.c.
75 79
76 * Avoid potential segmentation fault with SSL_get0_alpn_selected 80 * Avoid potential segmentation fault with SSL_get0_alpn_selected
@@ -111,6 +115,8 @@ LibreSSL Portable Release Notes:
111 * Add initial manual page for the x509_verify() chain validator which 115 * Add initial manual page for the x509_verify() chain validator which
112 will be installed once the new API is publically exposed. 116 will be installed once the new API is publically exposed.
113 117
118 * Greatly expanded test coverage by the tlsfuzzer test scripts.
119
114 * Test the Botan TLS client with LibreSSL, OpenSSL 1.0.2 and 1.1.1 120 * Test the Botan TLS client with LibreSSL, OpenSSL 1.0.2 and 1.1.1
115 servers. 121 servers.
116 122
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-18 10:12:46 +0000