first round of 2.3.0 release notes

author: Brent Cook <bcook@openbsd.org> 2015-09-11 18:18:46 -0500
committer: Brent Cook <bcook@openbsd.org> 2015-09-11 18:18:46 -0500
commit: 105c86f3ed1508e9bb55ea3e59670b388ec7a076 (patch)
tree: b3b891054b60c349bc08d5c08ee9331421e28fb5 /ChangeLog
parent: 6db3fc7c31adf72157e3ed49542f97d56ef1e82a (diff)
download: portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.gz
portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.bz2
portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.zip
1 files changed, 38 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 2f353a3..bb01bc3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,44 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.3.0 - SSLv3 removed, libtls API changes, portability improvements
+e
+        * SSLv3 is now permanently removed from the tree.
+        * The libtls API is changed from the 2.2.x series.
+          The read/writte functions work correctly with external event
+          libraries.  See the tls_init man page for examples of using libtls
+          correctly in asynchronous mode.
+          Client-side verification is now supported, with the client supplying
+          the certificate to the server.
+          Also, when using tls_connect_fds, tls_connect_socket or
+          tls_accept_fds, libtls no longer implicitly closes the passed in
+          sockets. The caller is responsible for closing them in this case.
+        * When loading a DSA key from an raw (without DH parameters) ASN.1
+          serialization, perform some consistency checks on its `p' and `q'
+          values, and return an error if the checks failed.
+          Thanks for Georgi Guninski (guninski at guninski dot com) for
+          mentioning the possibility of a weak (non prime) q value and
+          providing a test case.
+          See
+          https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
+          for a longer discussion.
+        * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
+          longer supported.
+        * The engine command and parameters are removed from the openssl(1).
+          Previous releases removed dynamic and builtin engine support
+          already.
+        * The out_len argument of AEAD changed from ssize_t to size_t.
 2.2.3 - Bug fixes, build enhancements
        * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
author	Brent Cook <bcook@openbsd.org>	2015-09-11 18:18:46 -0500
committer	Brent Cook <bcook@openbsd.org>	2015-09-11 18:18:46 -0500
commit	105c86f3ed1508e9bb55ea3e59670b388ec7a076 (patch)
tree	b3b891054b60c349bc08d5c08ee9331421e28fb5 /ChangeLog
parent	6db3fc7c31adf72157e3ed49542f97d56ef1e82a (diff)
download	portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.gz portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.bz2 portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.zip

diff --git a/ChangeLog b/ChangeLog index 2f353a3..bb01bc3 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,44 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.3.0 - SSLv3 removed, libtls API changes, portability improvements
		32	e
		33	* SSLv3 is now permanently removed from the tree.
		34
		35	* The libtls API is changed from the 2.2.x series.
		36
		37	The read/writte functions work correctly with external event
		38	libraries. See the tls_init man page for examples of using libtls
		39	correctly in asynchronous mode.
		40
		41	Client-side verification is now supported, with the client supplying
		42	the certificate to the server.
		43
		44	Also, when using tls_connect_fds, tls_connect_socket or
		45	tls_accept_fds, libtls no longer implicitly closes the passed in
		46	sockets. The caller is responsible for closing them in this case.
		47
		48	* When loading a DSA key from an raw (without DH parameters) ASN.1
		49	serialization, perform some consistency checks on its `p' and `q'
		50	values, and return an error if the checks failed.
		51
		52	Thanks for Georgi Guninski (guninski at guninski dot com) for
		53	mentioning the possibility of a weak (non prime) q value and
		54	providing a test case.
		55
		56	See
		57	https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
		58	for a longer discussion.
		59
		60	* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
		61	longer supported.
		62
		63	* The engine command and parameters are removed from the openssl(1).
		64	Previous releases removed dynamic and builtin engine support
		65	already.
		66
		67	* The out_len argument of AEAD changed from ssize_t to size_t.
		68
31	2.2.3 - Bug fixes, build enhancements	69	2.2.3 - Bug fixes, build enhancements
32		70
33	* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not	71	* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not