1 files changed, 35 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 3b4b10a..cb192f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,7 +48,7 @@ LibreSSL Portable Release Notes:
        * Support for alternate chains for certificate verification.
-        * Code cleanups, CBB conversions, further unification of DTLS/SSL
+        * Code cleanups, CBS conversions, further unification of DTLS/SSL
          handshake code, further ASN1 macro expansion and removal.
        * Private symbol are now hidden in libssl and libcryto.
@@ -58,6 +58,39 @@ LibreSSL Portable Release Notes:
        * Added OCSP stapling support to libtls and netcat.
+        * Added ocspcheck utility to validate a certificate against its OCSP
+          responder and save the reply for stapling
+        * Enhanced regression tests and error handling for libtls.
+        * Added explicit constant and non-constant time BN functions,
+          defaulting to constant time wherever possible.
+        * Moved many leaked implementation details in public structs behind
+          opaque pointers.
+        * Added ticket support to libtls.
+        * Added support for setting the supported EC curves via
+          SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
+          SSL{_CTX}_set1_curves{_list} names. This also changes the default
+          list of curves to be X25519, P-256 and P-384. All other curves must
+          be manually enabled.
+        * Added -groups option to openssl(1) s_client for specifying the curves
+          to be used in a colon-separated list.
+        * Merged client/server version negotiation code paths into one,
+          reducing much duplicate code.
+        * Removed error function codes from libssl and libcrypto.
+        * Fixed an issue where a truncated packet could crash via an OOB read.
+        * Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
+          client-initiated renegotiation. This is the default for libtls
+          servers.
        * Avoid a side-channel cache-timing attack that can leak the ECDSA
          private keys when signing. This is due to BN_mod_inverse() being
          used without the constant time flag being set. Reported by Cesar
@@ -67,6 +100,7 @@ LibreSSL Portable Release Notes:
        * iOS and MacOS compatibility updates from Simone Basso and Jacob
          Berkman.
 2.5.0 - New APIs, bug fixes and improvements
        * libtls now supports ALPN and SNI

diff --git a/ChangeLog b/ChangeLog index 3b4b10a..cb192f9 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -48,7 +48,7 @@ LibreSSL Portable Release Notes:
48		48
49	* Support for alternate chains for certificate verification.	49	* Support for alternate chains for certificate verification.
50		50
51	* Code cleanups, CBB conversions, further unification of DTLS/SSL	51	* Code cleanups, CBS conversions, further unification of DTLS/SSL
52	handshake code, further ASN1 macro expansion and removal.	52	handshake code, further ASN1 macro expansion and removal.
53		53
54	* Private symbol are now hidden in libssl and libcryto.	54	* Private symbol are now hidden in libssl and libcryto.
@@ -58,6 +58,39 @@ LibreSSL Portable Release Notes:
58		58
59	* Added OCSP stapling support to libtls and netcat.	59	* Added OCSP stapling support to libtls and netcat.
60		60
		61	* Added ocspcheck utility to validate a certificate against its OCSP
		62	responder and save the reply for stapling
		63
		64	* Enhanced regression tests and error handling for libtls.
		65
		66	* Added explicit constant and non-constant time BN functions,
		67	defaulting to constant time wherever possible.
		68
		69	* Moved many leaked implementation details in public structs behind
		70	opaque pointers.
		71
		72	* Added ticket support to libtls.
		73
		74	* Added support for setting the supported EC curves via
		75	SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
		76	SSL{_CTX}_set1_curves{_list} names. This also changes the default
		77	list of curves to be X25519, P-256 and P-384. All other curves must
		78	be manually enabled.
		79
		80	* Added -groups option to openssl(1) s_client for specifying the curves
		81	to be used in a colon-separated list.
		82
		83	* Merged client/server version negotiation code paths into one,
		84	reducing much duplicate code.
		85
		86	* Removed error function codes from libssl and libcrypto.
		87
		88	* Fixed an issue where a truncated packet could crash via an OOB read.
		89
		90	* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
		91	client-initiated renegotiation. This is the default for libtls
		92	servers.
		93
61	* Avoid a side-channel cache-timing attack that can leak the ECDSA	94	* Avoid a side-channel cache-timing attack that can leak the ECDSA
62	private keys when signing. This is due to BN_mod_inverse() being	95	private keys when signing. This is due to BN_mod_inverse() being
63	used without the constant time flag being set. Reported by Cesar	96	used without the constant time flag being set. Reported by Cesar
@@ -67,6 +100,7 @@ LibreSSL Portable Release Notes:
67	* iOS and MacOS compatibility updates from Simone Basso and Jacob	100	* iOS and MacOS compatibility updates from Simone Basso and Jacob
68	Berkman.	101	Berkman.
69		102
		103
70	2.5.0 - New APIs, bug fixes and improvements	104	2.5.0 - New APIs, bug fixes and improvements
71		105
72	* libtls now supports ALPN and SNI	106	* libtls now supports ALPN and SNI