diff options
| author | Matt Caswell <matt@openssl.org> | 2018-09-10 15:44:04 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-09-10 18:05:29 +0200 |
| commit | 6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1 (patch) | |
| tree | 52b571680e05107c8a7a9d8987e2d5c6b492076e /NEWS | |
| parent | Updates NEWS for the 1.1.1 release (diff) | |
| download | openssl-6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1.tar.xz openssl-6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1.zip | |
More updates to CHANGES and NEWS for the 1.1.1 release
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)
Diffstat (limited to '')
| -rw-r--r-- | NEWS | 18 |
1 files changed, 16 insertions, 2 deletions
@@ -7,7 +7,19 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] - o Support for TLSv1.3 added + o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 + for further important information). The TLSv1.3 implementation includes: + o Fully compliant implementation of RFC8446 (TLSv1.3) on by default + o Early data (0-RTT) + o Post-handshake authentication and key update + o Middlebox Compatibility Mode + o TLSv1.3 PSKs + o Support for all five RFC8446 ciphersuites + o RSA-PSS signature algorithms (backported to TLSv1.2) + o Configurable session ticket support + o Stateless server support + o Rewrite of the packet construction code for "safer" packet handling + o Rewrite of the extension handling code o Complete rewrite of the OpenSSL random number generator to introduce the following capabilities o The default RAND method now utilizes an AES-CTR DRBG according to @@ -21,7 +33,7 @@ o Support for various new cryptographic algorithms including: o SHA3 o SHA512/224 and SHA512/256 - o EdDSA (including Ed25519 and Ed448) + o EdDSA (both Ed25519 and Ed448) including X509 and TLS support o X448 (adding to the existing X25519 support in 1.1.0) o Multi-prime RSA o SM2 @@ -30,6 +42,8 @@ o SipHash o ARIA (including TLS support) o Significant Side-Channel attack security improvements + o Add a new ClientHello callback to provide the ability to adjust the SSL + object at an early stage. o Add 'Maximum Fragment Length' TLS extension negotiation and support o A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other |