1 files changed, 25 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f381520..88a421d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -96,6 +96,31 @@ LibreSSL Portable Release Notes:
        * Use non-expired certificates first when building a certificate chain.
+3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
+        * Improve client certificate selection to allow EC certificates
+          instead of only RSA certificates.
+        * Do not error out if a TLSv1.3 server requests an OCSP response as
+          part of a certificate request.
+        * Fix SSL_shutdown behavior to match the legacy stack.  The previous
+          behaviour could cause a hang.
+        * Fix a memory leak and add a missing error check in the handling of
+          the key update message.
+        * Fix a memory leak in tls13_record_layer_set_traffic_key.
+        * Avoid calling freezero with a negative size if a server sends a
+          malformed plaintext of all zeroes.
+        * Ensure that only PSS may be used with RSA in TLSv1.3 in order
+          to avoid using PKCS1-based signatures.
+        * Add the P-521 curve to the list of curves supported by default
+          in the client.
 3.1.3 - Bug fix
        * libcrypto may fail to build a valid certificate chain due to

diff --git a/ChangeLog b/ChangeLog index f381520..88a421d 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -96,6 +96,31 @@ LibreSSL Portable Release Notes:
96		96
97	* Use non-expired certificates first when building a certificate chain.	97	* Use non-expired certificates first when building a certificate chain.
98		98
		99	3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
		100
		101	* Improve client certificate selection to allow EC certificates
		102	instead of only RSA certificates.
		103
		104	* Do not error out if a TLSv1.3 server requests an OCSP response as
		105	part of a certificate request.
		106
		107	* Fix SSL_shutdown behavior to match the legacy stack. The previous
		108	behaviour could cause a hang.
		109
		110	* Fix a memory leak and add a missing error check in the handling of
		111	the key update message.
		112
		113	* Fix a memory leak in tls13_record_layer_set_traffic_key.
		114
		115	* Avoid calling freezero with a negative size if a server sends a
		116	malformed plaintext of all zeroes.
		117
		118	* Ensure that only PSS may be used with RSA in TLSv1.3 in order
		119	to avoid using PKCS1-based signatures.
		120
		121	* Add the P-521 curve to the list of curves supported by default
		122	in the client.
		123
99	3.1.3 - Bug fix	124	3.1.3 - Bug fix
100		125
101	* libcrypto may fail to build a valid certificate chain due to	126	* libcrypto may fail to build a valid certificate chain due to