aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorBrent Cook <bcook@openbsd.org>2015-02-22 18:06:46 -0600
committerBrent Cook <bcook@openbsd.org>2015-02-22 18:06:46 -0600
commit2c5ac47db473503689bec13671b1c5e67133ac33 (patch)
tree278c7b427f6e28d60d1c6124273293eb7ab33714 /ChangeLog
parent329df39a13555f998da6181c4230acb8f4a4386a (diff)
downloadportable-2c5ac47db473503689bec13671b1c5e67133ac33.tar.gz
portable-2c5ac47db473503689bec13671b1c5e67133ac33.tar.bz2
portable-2c5ac47db473503689bec13671b1c5e67133ac33.zip
Update initial changelog for 2.1.4
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog39
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index a855ff1..268f074 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
28 28
29LibreSSL Portable Release Notes: 29LibreSSL Portable Release Notes:
30 30
312.1.4 - Security and feature updates
32 * Improvements to libtls:
33
34 * a new API for loading CA chains directly from memory instead of a
35 file, allowing verification with privilege separation in a chroot
36 without direct access to CA certificate files.
37
38 * Ciphers default to TLSv1.2 with AEAD and PFS.
39
40 * Improved error handling and message generation
41
42 * New APIs and improved documentation
43
44 * Added X509_STORE_load_mem API for loading certificates from memory.
45 This facilitates accessing certificates from a chrooted environment.
46
47 * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
48 using 'TLSv1.2+AEAD' as the cipher selection string.
49
50 * Dead and disabled code removal including MD5, Netscape workarounds,
51 non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more.
52
53 * ASN1 macro maze expanded to aid reading and searching the code.
54
55 * NULL pointer asserts removed in favor of letting the OS/signal
56 handler catch them.
57
58 * Refactored argument handling in openssl(1) for consistency and
59 maintainability.
60
61 * New openssl(1) command 'certhash' replaces the c_rehash script.
62
63 * Support for building with OPENSSL_NO_DEPRECATED
64
65 * Dozens of issues found with the Coverity scanner fixed.
66
67 * Server-side support for TLS_FALLBACK_SCSV for compatibility with
68 various auditor and vulnerability scanners.
69
312.1.3 - Security update and OS support improvements 702.1.3 - Security update and OS support improvements
32 * Fixed various memory leaks in DTLS, including fixes for 71 * Fixed various memory leaks in DTLS, including fixes for
33 CVE-2015-0206. 72 CVE-2015-0206.