author | kinichiro <kinichiro.inoguchi@gmail.com> | 2020-05-30 23:15:58 +0900 |
---|---|---|
committer | kinichiro <kinichiro.inoguchi@gmail.com> | 2020-05-30 23:15:58 +0900 |
commit | 654e938e11d3132ec24faf21ea4bcedfdf0a6729 (patch) | |
tree | 6095c5b67ef58c2ef89ace002c485d685e588c28 /ChangeLog | |
parent | 8b0ba4244e4bc9fd56366a26695978882216161d (diff) | |
download | portable-654e938e11d3132ec24faf21ea4bcedfdf0a6729.tar.gz portable-654e938e11d3132ec24faf21ea4bcedfdf0a6729.tar.bz2 portable-654e938e11d3132ec24faf21ea4bcedfdf0a6729.zip |
Update ChangeLog
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 24 |
1 files changed, 10 insertions, 14 deletions
@@ -30,8 +30,8 @@ LibreSSL Portable Release Notes: | |||
30 | 30 | ||
31 | 3.2.0 - Development release | 31 | 3.2.0 - Development release |
32 | 32 | ||
33 | * Improve length checks in record layer and provide appropritate | 33 | * Improve length checks in record layer and provide appropriate |
34 | alerts for for violations of record layer limits. | 34 | alerts for violations of record layer limits. |
35 | 35 | ||
36 | * Enforce in the server that SNI hostnames be correctly formed as | 36 | * Enforce in the server that SNI hostnames be correctly formed as |
37 | per RFC 6066 and RFC 5890, responding with illegal parameter for | 37 | per RFC 6066 and RFC 5890, responding with illegal parameter for |
@@ -48,8 +48,8 @@ LibreSSL Portable Release Notes: | |||
48 | 48 | ||
49 | * Add tlsfuzzer based regression tests. | 49 | * Add tlsfuzzer based regression tests. |
50 | 50 | ||
51 | * Support sending certificate status replies from the tls13 server | 51 | * Support sending certificate status replies from the TLS 1.3 server |
52 | to send ocsp staples for leaf certificates. | 52 | to send OCSP staples for leaf certificates. |
53 | 53 | ||
54 | * Send correct alerts when handling failed key share extensions | 54 | * Send correct alerts when handling failed key share extensions |
55 | on the TLS 1.3 server. | 55 | on the TLS 1.3 server. |
@@ -60,7 +60,7 @@ LibreSSL Portable Release Notes: | |||
60 | * Support TLS 1.3 options in the openssl(1) command. | 60 | * Support TLS 1.3 options in the openssl(1) command. |
61 | 61 | ||
62 | * Enable TLS 1.3 server side in addition to client by default. | 62 | * Enable TLS 1.3 server side in addition to client by default. |
63 | with this change tls13 is handled entirely on the new stack | 63 | With this change TLS 1.3 is handled entirely on the new stack |
64 | and state machine, with fallback to the legacy stack and | 64 | and state machine, with fallback to the legacy stack and |
65 | state machine for older versions. | 65 | state machine for older versions. |
66 | 66 | ||
@@ -69,27 +69,23 @@ LibreSSL Portable Release Notes: | |||
69 | 69 | ||
70 | * Modify "openssl x509" to display invalid certificate times as | 70 | * Modify "openssl x509" to display invalid certificate times as |
71 | invalid, and correctly deal with the failing return case from | 71 | invalid, and correctly deal with the failing return case from |
72 | x509_time_cmp so that a certificate with an invalid NotAfter does | 72 | X509_cmp_time so that a certificate with an invalid NotAfter does |
73 | not appear valid. | 73 | not appear valid. |
74 | 74 | ||
75 | * Support sending dummy change_cipher_spec records for middlebox | 75 | * Support sending dummy change_cipher_spec records for middlebox |
76 | compatibility. | 76 | compatibility. |
77 | 77 | ||
78 | * Ensure only PSS may be used with RSA in tls 1.3 | 78 | * Ensure only PSS may be used with RSA in TLS 1.3. |
79 | 79 | ||
80 | * The client must advertise exactly the "null" compression method | 80 | * The client must advertise exactly the "null" compression method |
81 | in its legacy_compression_field, nothing else. | 81 | in its legacy_compression_methods, nothing else. |
82 | 82 | ||
83 | * Incorrect use of sockaddr instead of sockaddr_storage in the | 83 | * Incorrect use of sockaddr instead of sockaddr_storage in the |
84 | s_client could lead to using 14 bytes of stack garbage instead | 84 | s_client could lead to using 14 bytes of stack garbage instead |
85 | of an IPv6 address in DTLS mode. | 85 | of an IPv6 address in DTLS mode. |
86 | 86 | ||
87 | * Support sending certificate status from the tls13 client to retrieve | 87 | * Support sending certificate status requests from the TLS 1.3 |
88 | ocsp staples for leaf certificates. | 88 | client to retrieve OCSP staples for leaf certificates. |
89 | |||
90 | * Support sending certificate status requests from the tls13 | ||
91 | client to retrieve ocsp staples for leaf certificates. | ||
92 | |||
93 | 89 | ||
94 | 3.1.2 - Bug fix | 90 | 3.1.2 - Bug fix |
95 | 91 | ||
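Review bot: The sockaddr entry at lines 83-85 is left unchanged and is the only item in this hunk worded as a description of the defect ("Incorrect use of sockaddr instead of sockaddr_storage ... could lead to using 14 bytes of stack garbage") rather than of the change, so the release notes never state that it was fixed. Consider opening it with "Fix incorrect use of sockaddr ..." to match the verb-first style of the neighbouring entries. The rest of the hunk reads correctly: the duplicated certificate status item is collapsed into the one that keeps the word "requests", and the renamed identifiers at new lines 72 and 81 (X509_cmp_time, legacy_compression_methods) match the function name and the RFC 8446 ClientHello field name.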