This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [in pre-release]
+ Major changes between OpenSSL 1.0.2g and OpenSSL 1.1.0 [in pre-release]
+ o Added support for "pipelining"
+ o Added the AFALG engine
+ o New threading API implemented
o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
o Support for extended master secret
o CCM ciphersuites
o Reworked test suite, now based on perl, Test::Harness and Test::More
- o Varous libcrypto structures made opaque including: BIGNUM, EVP_MD,
+ o Various libcrypto structures made opaque including: BIGNUM, EVP_MD,
EVP_MD_CTX, HMAC_CTX, EVP_CIPHER and EVP_CIPHER_CTX.
o libssl internal structures made opaque
o SSLv2 support removed
o Application software can be compiled with -DOPENSSL_API_COMPAT=version
to ensure that features deprecated in that version are not exposed.
o Support for RFC6698/RFC7671 DANE TLSA peer authentication
+ o Change of Configure to use --prefix as the main installation
+ directory location rather than --openssldir. The latter becomes
+ the directory for certs, private key and openssl.cnf exclusively.
+ o Reworked BIO networking library, with full support for IPv6.
+ o New "unified" build system
+ o New security levels
+ o Support for scrypt algorithm
+ o Support for X25519
+ o Extended SSL_CONF support using configuration files
+ o KDF algorithm support. Implement TLS PRF as a KDF.
+ o Support for Certificate Transparency
+ o HKDF support.
+
+ Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
+
+ o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+ o Disable SSLv2 default build, default negotiation and weak ciphers
+ (CVE-2016-0800)
+ o Fix a double-free in DSA code (CVE-2016-0705)
+ o Disable SRP fake user seed to address a server memory leak
+ (CVE-2016-0798)
+ o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+ (CVE-2016-0797)
+ o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+ o Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
+ Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+ o DH small subgroups (CVE-2016-0701)
+ o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
o Add gcc 4.2 support.
- o Add support for AES and SSE2 assembly lanugauge optimization
+ o Add support for AES and SSE2 assembly language optimization
for VC++ build.
o Support for RFC4507bis and server name extensions if explicitly
selected at compile time.