diff options
| author | Matt Caswell <matt@openssl.org> | 2018-09-10 14:44:04 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-09-10 17:05:29 +0100 |
| commit | 6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1 (patch) | |
| tree | 52b571680e05107c8a7a9d8987e2d5c6b492076e /NEWS | |
| parent | 3f8b623aaa4044908900767a8991b7769b320880 (diff) | |
| download | openssl-new-6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1.tar.gz | |
More updates to CHANGES and NEWS for the 1.1.1 release
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 18 |
1 files changed, 16 insertions, 2 deletions
@@ -7,7 +7,19 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] - o Support for TLSv1.3 added + o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 + for further important information). The TLSv1.3 implementation includes: + o Fully compliant implementation of RFC8446 (TLSv1.3) on by default + o Early data (0-RTT) + o Post-handshake authentication and key update + o Middlebox Compatibility Mode + o TLSv1.3 PSKs + o Support for all five RFC8446 ciphersuites + o RSA-PSS signature algorithms (backported to TLSv1.2) + o Configurable session ticket support + o Stateless server support + o Rewrite of the packet construction code for "safer" packet handling + o Rewrite of the extension handling code o Complete rewrite of the OpenSSL random number generator to introduce the following capabilities o The default RAND method now utilizes an AES-CTR DRBG according to @@ -21,7 +33,7 @@ o Support for various new cryptographic algorithms including: o SHA3 o SHA512/224 and SHA512/256 - o EdDSA (including Ed25519 and Ed448) + o EdDSA (both Ed25519 and Ed448) including X509 and TLS support o X448 (adding to the existing X25519 support in 1.1.0) o Multi-prime RSA o SM2 @@ -30,6 +42,8 @@ o SipHash o ARIA (including TLS support) o Significant Side-Channel attack security improvements + o Add a new ClientHello callback to provide the ability to adjust the SSL + object at an early stage. o Add 'Maximum Fragment Length' TLS extension negotiation and support o A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other |