aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorkinichiro <kinichiro.inoguchi@gmail.com>2020-05-30 23:15:58 +0900
committerkinichiro <kinichiro.inoguchi@gmail.com>2020-05-30 23:15:58 +0900
commit654e938e11d3132ec24faf21ea4bcedfdf0a6729 (patch)
tree6095c5b67ef58c2ef89ace002c485d685e588c28 /ChangeLog
parent8b0ba4244e4bc9fd56366a26695978882216161d (diff)
downloadportable-654e938e11d3132ec24faf21ea4bcedfdf0a6729.tar.gz
portable-654e938e11d3132ec24faf21ea4bcedfdf0a6729.tar.bz2
portable-654e938e11d3132ec24faf21ea4bcedfdf0a6729.zip
Update ChangeLog
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog24
1 files changed, 10 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index c6d290f..089ee11 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,8 +30,8 @@ LibreSSL Portable Release Notes:
30 30
313.2.0 - Development release 313.2.0 - Development release
32 32
33 * Improve length checks in record layer and provide appropritate 33 * Improve length checks in record layer and provide appropriate
34 alerts for for violations of record layer limits. 34 alerts for violations of record layer limits.
35 35
36 * Enforce in the server that SNI hostnames be correctly formed as 36 * Enforce in the server that SNI hostnames be correctly formed as
37 per RFC 6066 and RFC 5890, responding with illegal parameter for 37 per RFC 6066 and RFC 5890, responding with illegal parameter for
@@ -48,8 +48,8 @@ LibreSSL Portable Release Notes:
48 48
49 * Add tlsfuzzer based regression tests. 49 * Add tlsfuzzer based regression tests.
50 50
51 * Support sending certificate status replies from the tls13 server 51 * Support sending certificate status replies from the TLS 1.3 server
52 to send ocsp staples for leaf certificates. 52 to send OCSP staples for leaf certificates.
53 53
54 * Send correct alerts when handling failed key share extensions 54 * Send correct alerts when handling failed key share extensions
55 on the TLS 1.3 server. 55 on the TLS 1.3 server.
@@ -60,7 +60,7 @@ LibreSSL Portable Release Notes:
60 * Support TLS 1.3 options in the openssl(1) command. 60 * Support TLS 1.3 options in the openssl(1) command.
61 61
62 * Enable TLS 1.3 server side in addition to client by default. 62 * Enable TLS 1.3 server side in addition to client by default.
63 with this change tls13 is handled entirely on the new stack 63 With this change TLS 1.3 is handled entirely on the new stack
64 and state machine, with fallback to the legacy stack and 64 and state machine, with fallback to the legacy stack and
65 state machine for older versions. 65 state machine for older versions.
66 66
@@ -69,27 +69,23 @@ LibreSSL Portable Release Notes:
69 69
70 * Modify "openssl x509" to display invalid certificate times as 70 * Modify "openssl x509" to display invalid certificate times as
71 invalid, and correctly deal with the failing return case from 71 invalid, and correctly deal with the failing return case from
72 x509_time_cmp so that a certificate with an invalid NotAfter does 72 X509_cmp_time so that a certificate with an invalid NotAfter does
73 not appear valid. 73 not appear valid.
74 74
75 * Support sending dummy change_cipher_spec records for middlebox 75 * Support sending dummy change_cipher_spec records for middlebox
76 compatibility. 76 compatibility.
77 77
78 * Ensure only PSS may be used with RSA in tls 1.3 78 * Ensure only PSS may be used with RSA in TLS 1.3.
79 79
80 * The client must advertise exactly the "null" compression method 80 * The client must advertise exactly the "null" compression method
81 in its legacy_compression_field, nothing else. 81 in its legacy_compression_methods, nothing else.
82 82
83 * Incorrect use of sockaddr instead of sockaddr_storage in the 83 * Incorrect use of sockaddr instead of sockaddr_storage in the
84 s_client could lead to using 14 bytes of stack garbage instead 84 s_client could lead to using 14 bytes of stack garbage instead
85 of an IPv6 address in DTLS mode. 85 of an IPv6 address in DTLS mode.
86 86
87 * Support sending certificate status from the tls13 client to retrieve 87 * Support sending certificate status requests from the TLS 1.3
88 ocsp staples for leaf certificates. 88 client to retrieve OCSP staples for leaf certificates.
89
90 * Support sending certificate status requests from the tls13
91 client to retrieve ocsp staples for leaf certificates.
92
93 89
943.1.2 - Bug fix 903.1.2 - Bug fix
95 91