1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 4dfec6f..6ec28e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.4.2 - Bug fixes and improvements
+        * Fixed loading default certificate locations with openssl s_client.
+        * Ensured OSCP only uses and compares GENERALIZEDTIME values as per
+          RFC6960. Also added fixes for OCSP to work with intermediate
+          certificates provided in responses.
+        * Improved behavior of arc4random on Windows to not appear to leak
+          memory in debug tools, reduced privileges of allocated memory.
+        * Fixed incorrect results from BN_mod_word() when the modulus is too
+          large, thanks to Brian Smith from BoringSSL.
+        * Correctly handle an EOF prior to completing the TLS handshake in
+          libtls.
+        * Improved libtls ceritificate loading and cipher string validation.
+        * Updated libtls cipher group suites into four categories:
+            "secure"   (TLSv1.2+AEAD+PFS)
+            "compat"   (HIGH:!aNULL)
+            "legacy"   (HIGH:MEDIUM:!aNULL)
+            "insecure" (ALL:!aNULL:!eNULL)
+          This allows for flexibility and finer grained control, rather than
+          having two extremes.
+        * Limited support for 'backward compatible' SSLv2 handshake packets to
+          when TLS 1.0 is enabled, providing more restricted compatibility
+          with TLS 1.0 clients.
+        * openssl(1) and other documentation improvements.
+        * Removed flags for disabling constant-time operations.
+          This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
+          DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
+          all of these operations unconditionally constant-time.
 2.4.1 - Security fix
        * Correct a problem that prevents the DSA signing algorithm from

diff --git a/ChangeLog b/ChangeLog index 4dfec6f..6ec28e0 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.4.2 - Bug fixes and improvements
		32
		33	* Fixed loading default certificate locations with openssl s_client.
		34
		35	* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
		36	RFC6960. Also added fixes for OCSP to work with intermediate
		37	certificates provided in responses.
		38
		39	* Improved behavior of arc4random on Windows to not appear to leak
		40	memory in debug tools, reduced privileges of allocated memory.
		41
		42	* Fixed incorrect results from BN_mod_word() when the modulus is too
		43	large, thanks to Brian Smith from BoringSSL.
		44
		45	* Correctly handle an EOF prior to completing the TLS handshake in
		46	libtls.
		47
		48	* Improved libtls ceritificate loading and cipher string validation.
		49
		50	* Updated libtls cipher group suites into four categories:
		51	"secure" (TLSv1.2+AEAD+PFS)
		52	"compat" (HIGH:!aNULL)
		53	"legacy" (HIGH:MEDIUM:!aNULL)
		54	"insecure" (ALL:!aNULL:!eNULL)
		55	This allows for flexibility and finer grained control, rather than
		56	having two extremes.
		57
		58	* Limited support for 'backward compatible' SSLv2 handshake packets to
		59	when TLS 1.0 is enabled, providing more restricted compatibility
		60	with TLS 1.0 clients.
		61
		62	* openssl(1) and other documentation improvements.
		63
		64	* Removed flags for disabling constant-time operations.
		65	This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
		66	DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
		67	all of these operations unconditionally constant-time.
		68
		69
31	2.4.1 - Security fix	70	2.4.1 - Security fix
32		71
33	* Correct a problem that prevents the DSA signing algorithm from	72	* Correct a problem that prevents the DSA signing algorithm from