diff options
author | Theo Buehler <tb@openbsd.org> | 2020-05-29 05:59:10 +0200 |
---|---|---|
committer | Theo Buehler <tb@openbsd.org> | 2020-05-29 05:59:10 +0200 |
commit | 8b0ba4244e4bc9fd56366a26695978882216161d (patch) | |
tree | 40e71c05c2eb5b7fc354026e6dcc408ca819c3ca /ChangeLog | |
parent | fcd9da32e8014dd9155d6653d364dbfb31e015b3 (diff) | |
download | portable-8b0ba4244e4bc9fd56366a26695978882216161d.tar.gz portable-8b0ba4244e4bc9fd56366a26695978882216161d.tar.bz2 portable-8b0ba4244e4bc9fd56366a26695978882216161d.zip |
whitespace, typos and a repeated entry
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 35 |
1 files changed, 15 insertions, 20 deletions
@@ -31,20 +31,20 @@ LibreSSL Portable Release Notes: | |||
31 | 3.2.0 - Development release | 31 | 3.2.0 - Development release |
32 | 32 | ||
33 | * Improve length checks in record layer and provide appropritate | 33 | * Improve length checks in record layer and provide appropritate |
34 | alerts for for violations of record layer limits. | 34 | alerts for for violations of record layer limits. |
35 | 35 | ||
36 | * Enforce in the server that SNI hostnames be correctly formed as | 36 | * Enforce in the server that SNI hostnames be correctly formed as |
37 | per RFC 6066 and RFC 5890, responding with illegal paramerter for | 37 | per RFC 6066 and RFC 5890, responding with illegal parameter for |
38 | a nonconformant host name. | 38 | a nonconformant host name. |
39 | 39 | ||
40 | * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in | 40 | * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in |
41 | various commands. | 41 | various commands. |
42 | 42 | ||
43 | * Modify io behavior so that SSL_MODE_AUTO_RETRY is the default | 43 | * Modify io behavior so that SSL_MODE_AUTO_RETRY is the default |
44 | similar to new OpenSSL releases. | 44 | similar to new OpenSSL releases. |
45 | 45 | ||
46 | * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic | 46 | * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic |
47 | retry of handshake messages. | 47 | retry of handshake messages. |
48 | 48 | ||
49 | * Add tlsfuzzer based regression tests. | 49 | * Add tlsfuzzer based regression tests. |
50 | 50 | ||
@@ -52,34 +52,29 @@ LibreSSL Portable Release Notes: | |||
52 | to send ocsp staples for leaf certificates. | 52 | to send ocsp staples for leaf certificates. |
53 | 53 | ||
54 | * Send correct alerts when handling failed key share extensions | 54 | * Send correct alerts when handling failed key share extensions |
55 | on the TLS 1.3 server. | 55 | on the TLS 1.3 server. |
56 | 56 | ||
57 | * Various compatibility fixes for TLS 1.3 to 1.2 fallback for | 57 | * Various compatibility fixes for TLS 1.3 to 1.2 fallback for |
58 | switching from the new to legacy stacks. | 58 | switching from the new to legacy stacks. |
59 | 59 | ||
60 | * Support TLS 1.3 options in the openssl(1) command. | 60 | * Support TLS 1.3 options in the openssl(1) command. |
61 | 61 | ||
62 | * Enable TLS 1.3 server side in addition to client by default. | 62 | * Enable TLS 1.3 server side in addition to client by default. |
63 | with this change tls13 is handled entirely on the new stack | 63 | with this change tls13 is handled entirely on the new stack |
64 | and state machine, with fallback to the legacy stack and | 64 | and state machine, with fallback to the legacy stack and |
65 | state machine for older versions. | 65 | state machine for older versions. |
66 | 66 | ||
67 | * Many alert cleanups in TLS 1.3 to provide expected alerts | 67 | * Many alert cleanups in TLS 1.3 to provide expected alerts |
68 | in failure conditions. | 68 | in failure conditions. |
69 | 69 | ||
70 | * Modify "openssl x509" to display invalid certificate times as | 70 | * Modify "openssl x509" to display invalid certificate times as |
71 | invalid, and correctly deal with the failing return case from | 71 | invalid, and correctly deal with the failing return case from |
72 | x509_time_cmp so that a certificate with an invalid NotAfter does | 72 | x509_time_cmp so that a certificate with an invalid NotAfter does |
73 | not appear valid. | 73 | not appear valid. |
74 | 74 | ||
75 | * Support sending dummy change_cipher_spec records for middlebox | 75 | * Support sending dummy change_cipher_spec records for middlebox |
76 | compatibility. | 76 | compatibility. |
77 | 77 | ||
78 | * Added a test harness to run tlsfuzzer's test scripts against | ||
79 | the TLSv1.3 server. These test scripts exhibited numerous | ||
80 | corner cases that were dealt with incorrectly. Fixed several | ||
81 | instances of missing or incorrect alerts. | ||
82 | |||
83 | * Ensure only PSS may be used with RSA in tls 1.3 | 78 | * Ensure only PSS may be used with RSA in tls 1.3 |
84 | 79 | ||
85 | * The client must advertise exactly the "null" compression method | 80 | * The client must advertise exactly the "null" compression method |