diff options
author | Brent Cook <bcook@openbsd.org> | 2015-09-11 18:18:46 -0500 |
---|---|---|
committer | Brent Cook <bcook@openbsd.org> | 2015-09-11 18:18:46 -0500 |
commit | 105c86f3ed1508e9bb55ea3e59670b388ec7a076 (patch) | |
tree | b3b891054b60c349bc08d5c08ee9331421e28fb5 /ChangeLog | |
parent | 6db3fc7c31adf72157e3ed49542f97d56ef1e82a (diff) | |
download | portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.gz portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.bz2 portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.zip |
first round of 2.3.0 release notes
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 38 |
1 files changed, 38 insertions, 0 deletions
@@ -28,6 +28,44 @@ history is also available from Git. | |||
28 | 28 | ||
29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
30 | 30 | ||
31 | 2.3.0 - SSLv3 removed, libtls API changes, portability improvements | ||
32 | e | ||
33 | * SSLv3 is now permanently removed from the tree. | ||
34 | |||
35 | * The libtls API is changed from the 2.2.x series. | ||
36 | |||
37 | The read/writte functions work correctly with external event | ||
38 | libraries. See the tls_init man page for examples of using libtls | ||
39 | correctly in asynchronous mode. | ||
40 | |||
41 | Client-side verification is now supported, with the client supplying | ||
42 | the certificate to the server. | ||
43 | |||
44 | Also, when using tls_connect_fds, tls_connect_socket or | ||
45 | tls_accept_fds, libtls no longer implicitly closes the passed in | ||
46 | sockets. The caller is responsible for closing them in this case. | ||
47 | |||
48 | * When loading a DSA key from an raw (without DH parameters) ASN.1 | ||
49 | serialization, perform some consistency checks on its `p' and `q' | ||
50 | values, and return an error if the checks failed. | ||
51 | |||
52 | Thanks for Georgi Guninski (guninski at guninski dot com) for | ||
53 | mentioning the possibility of a weak (non prime) q value and | ||
54 | providing a test case. | ||
55 | |||
56 | See | ||
57 | https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html | ||
58 | for a longer discussion. | ||
59 | |||
60 | * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no | ||
61 | longer supported. | ||
62 | |||
63 | * The engine command and parameters are removed from the openssl(1). | ||
64 | Previous releases removed dynamic and builtin engine support | ||
65 | already. | ||
66 | |||
67 | * The out_len argument of AEAD changed from ssize_t to size_t. | ||
68 | |||
31 | 2.2.3 - Bug fixes, build enhancements | 69 | 2.2.3 - Bug fixes, build enhancements |
32 | 70 | ||
33 | * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not | 71 | * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not |