+ Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [under development]
+
+ o
+
+ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
+ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
+
+ o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
+ for further important information). The TLSv1.3 implementation includes:
+ o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+ o Early data (0-RTT)
+ o Post-handshake authentication and key update
+ o Middlebox Compatibility Mode
+ o TLSv1.3 PSKs
+ o Support for all five RFC8446 ciphersuites
+ o RSA-PSS signature algorithms (backported to TLSv1.2)
+ o Configurable session ticket support
+ o Stateless server support
+ o Rewrite of the packet construction code for "safer" packet handling
+ o Rewrite of the extension handling code
+ o Complete rewrite of the OpenSSL random number generator to introduce the
+ following capabilities
+ o The default RAND method now utilizes an AES-CTR DRBG according to
+ NIST standard SP 800-90Ar1.
+ o Support for multiple DRBG instances with seed chaining.
+ o There is a public and private DRBG instance.
+ o The DRBG instances are fork-safe.
+ o Keep all global DRBG instances on the secure heap if it is enabled.
+ o The public and private DRBG instance are per thread for lock free
+ operation
+ o Support for various new cryptographic algorithms including:
+ o SHA3
+ o SHA512/224 and SHA512/256
+ o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
+ o X448 (adding to the existing X25519 support in 1.1.0)
+ o Multi-prime RSA
+ o SM2
+ o SM3
+ o SM4
+ o SipHash
+ o ARIA (including TLS support)
+ o Significant Side-Channel attack security improvements
+ o Add a new ClientHello callback to provide the ability to adjust the SSL
+ object at an early stage.
+ o Add 'Maximum Fragment Length' TLS extension negotiation and support
+ o A new STORE module, which implements a uniform and URI based reader of
+ stores that can contain keys, certificates, CRLs and numerous other
+ objects.
+ o Move the display of configuration data to configdata.pm.
+ o Allow GNU style "make variables" to be used with Configure.
+ o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
+ o Rewrite of devcrypto engine
+
+ Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
+
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
+ Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
+
+ o Constructed ASN.1 types with a recursive definition could exceed the
+ stack (CVE-2018-0739)
+ o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+ o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+
+ Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
+
+ o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+ o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
+ Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
+
+ o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
+ Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
+
+ o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
+
+ Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
+
+ o Truncated packet could crash via OOB read (CVE-2017-3731)
+ o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
+ o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+
+ Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+
+ o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+ o CMS Null dereference (CVE-2016-7053)
+ o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+ Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+
+ o Fix Use After Free for large message sizes (CVE-2016-6309)
+
+ Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+
+ o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+ o SSL_peek() hang on empty record (CVE-2016-6305)
+ o Excessive allocation of memory in tls_get_message_header()
+ (CVE-2016-6307)
+ o Excessive allocation of memory in dtls1_preprocess_fragment()
+ (CVE-2016-6308)
+
+ Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
+
+ o Copyright text was shrunk to a boilerplate that points to the license
+ o "shared" builds are now the default when possible
+ o Added support for "pipelining"
+ o Added the AFALG engine
+ o New threading API implemented