5 This file gives a brief overview of the major changes between each OpenSSL
6 release. For more details please read the CHANGES file.
8 Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
10 o New library section OCSP.
11 o Complete haul-over of the ASN.1 library section.
13 Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
15 o Some documentation for BIO and SSL libraries.
16 o Enhanced chain verification using key identifiers.
17 o New sign and verify options to 'dgst' application.
18 o Support for DER and PEM encoded messages in 'smime' application.
19 o New 'rsautl' application, low level RSA utility.
21 o Bugfix for SSL rollback padding check.
22 o Support for external crypto devices.
23 o Enhanced EVP interface.
25 Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
27 o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
28 o Shared library support for HPUX and Solaris-gcc
29 o Support of Linux/IA64
30 o Assembler support for Mingw32
31 o New 'rand' application
32 o New way to check for existence of algorithms from scripts
34 Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
36 o S/MIME support in new 'smime' command
37 o Documentation for the OpenSSL command line application
38 o Automation of 'req' application
39 o Fixes to make s_client, s_server work under Windows
40 o Support for multiple fieldnames in SPKACs
41 o New SPKAC command line utilty and associated library functions
42 o Options to allow passwords to be obtained from various sources
43 o New public key PEM format and options to handle it
44 o Many other fixes and enhancements to command line utilities
45 o Usable certificate chain verification
46 o Certificate purpose checking
47 o Certificate trust settings
48 o Support of authority information access extension
49 o Extensions in certificate requests
50 o Simplified X509 name and attribute routines
51 o Initial (incomplete) support for international character sets
52 o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
53 o Read only memory BIOs and simplified creation function
54 o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
55 record; allow fragmentation and interleaving of handshake and other
57 o TLS/SSL code now "tolerates" MS SGC
58 o Work around for Netscape client certificate hang bug
59 o RSA_NULL option that removes RSA patent code but keeps other
61 o Memory leak detection now allows applications to add extra information
62 via a per-thread stack
63 o PRNG robustness improved
65 o BIGNUM library bug fixes
66 o Faster DSA parameter generation
67 o Enhanced support for Alpha Linux
68 o Experimental MacOS support
70 Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
72 o Transparent support for PKCS#8 format private keys: these are used
73 by several software packages and are more secure than the standard
75 o PKCS#5 v2.0 implementation
76 o Password callbacks have a new void * argument for application data
77 o Avoid various memory leaks
78 o New pipe-like BIO that allows using the SSL library when actual I/O
79 must be handled by the application (BIO pair)
81 Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
82 o Lots of enhancements and cleanups to the Configuration mechanism
83 o RSA OEAP related fixes
84 o Added `openssl ca -revoke' option for revoking a certificate
85 o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
86 o Source tree cleanups: removed lots of obsolete files
87 o Thawte SXNet, certificate policies and CRL distribution points
89 o Preliminary (experimental) S/MIME support
90 o Support for ASN.1 UTF8String and VisibleString
91 o Full integration of PKCS#12 code
92 o Sparc assembler bignum implementation, optimized hash functions
93 o Option to disable selected ciphers
95 Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
96 o Fixed a security hole related to session resumption
97 o Fixed RSA encryption routines for the p < q case
98 o "ALL" in cipher lists now means "everything except NULL ciphers"
99 o Support for Triple-DES CBCM cipher
100 o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
101 o First support for new TLSv1 ciphers
102 o Added a few new BIOs (syslog BIO, reliable BIO)
103 o Extended support for DSA certificate/keys.
104 o Extended support for Certificate Signing Requests (CSR)
105 o Initial support for X.509v3 extensions
106 o Extended support for compression inside the SSL record layer
107 o Overhauled Win32 builds
108 o Cleanups and fixes to the Big Number (BN) library
109 o Support for ASN.1 GeneralizedTime
110 o Splitted ASN.1 SETs from SEQUENCEs
111 o ASN1 and PEM support for Netscape Certificate Sequences
112 o Overhauled Perl interface
113 o Lots of source tree cleanups.
114 o Lots of memory leak fixes.
117 Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
118 o Integration of the popular NO_RSA/NO_DSA patches
119 o Initial support for compression inside the SSL record layer
120 o Added BIO proxy and filtering functionality
121 o Extended Big Number (BN) library
122 o Added RIPE MD160 message digest
123 o Addeed support for RC2/64bit cipher
124 o Extended ASN.1 parser routines
125 o Adjustations of the source tree for CVS
126 o Support for various new platforms