author Theo Buehler <tb@openbsd.org> 2020-05-29 05:59:10 +0200
committer Theo Buehler <tb@openbsd.org> 2020-05-29 05:59:10 +0200
commit 8b0ba4244e4bc9fd56366a26695978882216161d (patch)
tree 40e71c05c2eb5b7fc354026e6dcc408ca819c3ca /ChangeLog
parent fcd9da32e8014dd9155d6653d364dbfb31e015b3 (diff)
whitespace, typos and a repeated entry
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 35
1 files changed, 15 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index 5e69fa9..c6d290f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,20 +31,20 @@ LibreSSL Portable Release Notes:
313.2.0 - Development release 313.2.0 - Development release
32 32
33 * Improve length checks in record layer and provide appropritate 33 * Improve length checks in record layer and provide appropritate
34 alerts for for violations of record layer limits. 34 alerts for for violations of record layer limits.
35 35
36 * Enforce in the server that SNI hostnames be correctly formed as 36 * Enforce in the server that SNI hostnames be correctly formed as
37 per RFC 6066 and RFC 5890, responding with illegal paramerter for 37 per RFC 6066 and RFC 5890, responding with illegal parameter for
38 a nonconformant host name. 38 a nonconformant host name.
39 39
40 * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in 40 * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in
41 various commands. 41 various commands.
42 42
43 * Modify io behavior so that SSL_MODE_AUTO_RETRY is the default 43 * Modify io behavior so that SSL_MODE_AUTO_RETRY is the default
44 similar to new OpenSSL releases. 44 similar to new OpenSSL releases.
45 45
46 * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic 46 * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic
47 retry of handshake messages. 47 retry of handshake messages.
48 48
49 * Add tlsfuzzer based regression tests. 49 * Add tlsfuzzer based regression tests.
50 50
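Review bot: The first entry in this hunk (new lines 33-34) still reads "appropritate" and "alerts for for violations" on both sides, so a commit described as fixing typos leaves two behind in the same hunk as the "paramerter" fix. Suggest correcting them to "appropriate" and "alerts for violations" in this pass.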
@@ -52,34 +52,29 @@ LibreSSL Portable Release Notes:
52 to send ocsp staples for leaf certificates. 52 to send ocsp staples for leaf certificates.
53 53
54 * Send correct alerts when handling failed key share extensions 54 * Send correct alerts when handling failed key share extensions
55 on the TLS 1.3 server. 55 on the TLS 1.3 server.
56 56
57 * Various compatibility fixes for TLS 1.3 to 1.2 fallback for 57 * Various compatibility fixes for TLS 1.3 to 1.2 fallback for
58 switching from the new to legacy stacks. 58 switching from the new to legacy stacks.
59 59
60 * Support TLS 1.3 options in the openssl(1) command. 60 * Support TLS 1.3 options in the openssl(1) command.
61 61
62 * Enable TLS 1.3 server side in addition to client by default. 62 * Enable TLS 1.3 server side in addition to client by default.
63 with this change tls13 is handled entirely on the new stack 63 with this change tls13 is handled entirely on the new stack
64 and state machine, with fallback to the legacy stack and 64 and state machine, with fallback to the legacy stack and
65 state machine for older versions. 65 state machine for older versions.
66 66
67 * Many alert cleanups in TLS 1.3 to provide expected alerts 67 * Many alert cleanups in TLS 1.3 to provide expected alerts
68 in failure conditions. 68 in failure conditions.
69 69
70 * Modify "openssl x509" to display invalid certificate times as 70 * Modify "openssl x509" to display invalid certificate times as
71 invalid, and correctly deal with the failing return case from 71 invalid, and correctly deal with the failing return case from
72 x509_time_cmp so that a certificate with an invalid NotAfter does 72 x509_time_cmp so that a certificate with an invalid NotAfter does
73 not appear valid. 73 not appear valid.
74 74
75 * Support sending dummy change_cipher_spec records for middlebox 75 * Support sending dummy change_cipher_spec records for middlebox
76 compatibility. 76 compatibility.
77 77
78 * Added a test harness to run tlsfuzzer's test scripts against
79 the TLSv1.3 server. These test scripts exhibited numerous
80 corner cases that were dealt with incorrectly. Fixed several
81 instances of missing or incorrect alerts.
82
83 * Ensure only PSS may be used with RSA in tls 1.3 78 * Ensure only PSS may be used with RSA in tls 1.3
84 79
85 * The client must advertise exactly the "null" compression method 80 * The client must advertise exactly the "null" compression method
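Review bot: The entry removed at old lines 78-81 is not an exact repeat of the one kept at line 49 ("Add tlsfuzzer based regression tests."): it also records that the harness runs against the TLSv1.3 server and that several instances of missing or incorrect alerts were fixed, which the kept entry does not say. Suggest folding that detail into the kept entry rather than dropping it. Also in this hunk, line 63 starts a sentence with lowercase "with" and writes "tls13", and new line 78 writes "tls 1.3" where the neighbouring entries use "TLS 1.3".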