This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
+
+ o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+ o Include the fips configuration module.
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+ Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+
+ o Fix TLS/DTLS record length checking bug CVE-2012-2333
+ o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+ Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
+
+ o Fix compilation error on non-x86 platforms.
+ o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+ o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+ Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+ o Workarounds for some servers that hang on long client hellos.
+ o Fix SEGV in AES code.
+
+ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
+
+ o TLS/DTLS heartbeat support.
+ o SCTP support.
+ o RFC 5705 TLS key material exporter.
+ o RFC 5764 DTLS-SRTP negotiation.
+ o Next Protocol Negotiation.
+ o PSS signatures in certificates, requests and CRLs.
+ o Support for password based recipient info for CMS.
+ o Support TLS v1.2 and TLS v1.1.
+ o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+ o SRP support.
+
+ Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
+
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ o Corrected fix for CVE-2011-4619
+ o Various DTLS fixes.
+
+ Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
+
+ o Fix for DTLS DoS issue CVE-2012-0050
+
+ Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
+
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+ o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+ o Check for malformed RFC3779 data CVE-2011-4577
+
+ Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+
+ o Fix for CRL vulnerability issue CVE-2011-3207
+ o Fix for ECDH crashes CVE-2011-3210
+ o Protection against EC timing attacks.
+ o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+ o Various DTLS fixes.
+
+ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+
+ o Fix for security issue CVE-2011-0014
+
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
o Fix for security issue CVE-2010-4180
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+
+ o Fix for security issue CVE-2011-0014
+
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+
+ o Fix for security issue CVE-2010-4180
+ o Fix for CVE-2010-4252
+
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+
+ o Fix for security issue CVE-2010-3864.
+
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
o Fix for security issue CVE-2010-0742.