Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]
+ *) Correct the extended master secret constant on EBCDIC systems. Without this
+ fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+ negotiate EMS will fail. Unfortunately this also means that TLS connections
+ between EBCDIC systems with this fix, and EBCDIC systems without this
+ fix will fail if they negotiate EMS.
+ [Matt Caswell]
+
+ *) Use Windows installation paths in the mingw builds
+
+ Mingw isn't a POSIX environment per se, which means that Windows
+ paths should be used for installation.
+ (CVE-2019-1552)
+ [Richard Levitte]
+
+ *) Changed DH parameters to generate the order q subgroup instead of 2q.
+ Previously generated DH parameters are still accepted by DH_check
+ but DH_generate_key works around that by clearing bit 0 of the
+ private key for those. This avoids leaking bit 0 of the private key.
+ [Bernd Edlinger]
+
+ *) Significantly reduce secure memory usage by the randomness pools.
+ [Paul Dale]
+
*) Revert the DEVRANDOM_WAIT feature for Linux systems
The DEVRANDOM_WAIT feature added a select() call to wait for the
SSL_set_ciphersuites()
[Matt Caswell]
- *) Memory allocation failures consistenly add an error to the error
+ *) Memory allocation failures consistently add an error to the error
stack.
[Rich Salz]