aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorBrent Cook <bcook@openbsd.org>2015-09-11 18:18:46 -0500
committerBrent Cook <bcook@openbsd.org>2015-09-11 18:18:46 -0500
commit105c86f3ed1508e9bb55ea3e59670b388ec7a076 (patch)
treeb3b891054b60c349bc08d5c08ee9331421e28fb5 /ChangeLog
parent6db3fc7c31adf72157e3ed49542f97d56ef1e82a (diff)
downloadportable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.gz
portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.tar.bz2
portable-105c86f3ed1508e9bb55ea3e59670b388ec7a076.zip
first round of 2.3.0 release notes
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog38
1 files changed, 38 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 2f353a3..bb01bc3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,44 @@ history is also available from Git.
28 28
29LibreSSL Portable Release Notes: 29LibreSSL Portable Release Notes:
30 30
312.3.0 - SSLv3 removed, libtls API changes, portability improvements
32e
33 * SSLv3 is now permanently removed from the tree.
34
35 * The libtls API is changed from the 2.2.x series.
36
37 The read/writte functions work correctly with external event
38 libraries. See the tls_init man page for examples of using libtls
39 correctly in asynchronous mode.
40
41 Client-side verification is now supported, with the client supplying
42 the certificate to the server.
43
44 Also, when using tls_connect_fds, tls_connect_socket or
45 tls_accept_fds, libtls no longer implicitly closes the passed in
46 sockets. The caller is responsible for closing them in this case.
47
48 * When loading a DSA key from an raw (without DH parameters) ASN.1
49 serialization, perform some consistency checks on its `p' and `q'
50 values, and return an error if the checks failed.
51
52 Thanks for Georgi Guninski (guninski at guninski dot com) for
53 mentioning the possibility of a weak (non prime) q value and
54 providing a test case.
55
56 See
57 https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
58 for a longer discussion.
59
60 * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
61 longer supported.
62
63 * The engine command and parameters are removed from the openssl(1).
64 Previous releases removed dynamic and builtin engine support
65 already.
66
67 * The out_len argument of AEAD changed from ssize_t to size_t.
68
312.2.3 - Bug fixes, build enhancements 692.2.3 - Bug fixes, build enhancements
32 70
33 * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not 71 * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not