This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.1 [under development]
-
- o Support for TLSv1.3 added
+ Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [under development]
+
+ o
+
+ Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+
+ o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
+
+ Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+ o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
+ Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
+
+ o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+ used in exponentiation with 512-bit moduli (CVE-2019-1551)
+ o Properly detect unexpected EOF while reading in libssl and report
+ it via SSL_ERROR_SSL
+
+ Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
+
+ o Fixed a fork protection issue (CVE-2019-1549)
+ o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
+ (CVE-2019-1563)
+ o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+ used even when parsing explicit parameters
+ o Compute ECC cofactors if not provided during EC_GROUP construction
+ (CVE-2019-1547)
+ o Early start up entropy quality from the DEVRANDOM seed source has been
+ improved for older Linux systems
+ o Correct the extended master secret constant on EBCDIC systems
+ o Use Windows installation paths in the mingw builds (CVE-2019-1552)
+ o Changed DH_check to accept parameters with order q and 2q subgroups
+ o Significantly reduce secure memory usage by the randomness pools
+ o Revert the DEVRANDOM_WAIT feature for Linux systems
+
+ Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
+
+ o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
+
+ Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
+
+ o Change the info callback signals for the start and end of a post-handshake
+ message exchange in TLSv1.3.
+ o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
+ of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
+
+ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
+ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
+
+ o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
+ for further important information). The TLSv1.3 implementation includes:
+ o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+ o Early data (0-RTT)
+ o Post-handshake authentication and key update
+ o Middlebox Compatibility Mode
+ o TLSv1.3 PSKs
+ o Support for all five RFC8446 ciphersuites
+ o RSA-PSS signature algorithms (backported to TLSv1.2)
+ o Configurable session ticket support
+ o Stateless server support
+ o Rewrite of the packet construction code for "safer" packet handling
+ o Rewrite of the extension handling code
+ o Complete rewrite of the OpenSSL random number generator to introduce the
+ following capabilities
+ o The default RAND method now utilizes an AES-CTR DRBG according to
+ NIST standard SP 800-90Ar1.
+ o Support for multiple DRBG instances with seed chaining.
+ o There is a public and private DRBG instance.
+ o The DRBG instances are fork-safe.
+ o Keep all global DRBG instances on the secure heap if it is enabled.
+ o The public and private DRBG instance are per thread for lock free
+ operation
+ o Support for various new cryptographic algorithms including:
+ o SHA3
+ o SHA512/224 and SHA512/256
+ o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
+ o X448 (adding to the existing X25519 support in 1.1.0)
+ o Multi-prime RSA
+ o SM2
+ o SM3
+ o SM4
+ o SipHash
+ o ARIA (including TLS support)
+ o Significant Side-Channel attack security improvements
+ o Add a new ClientHello callback to provide the ability to adjust the SSL
+ object at an early stage.
+ o Add 'Maximum Fragment Length' TLS extension negotiation and support
+ o A new STORE module, which implements a uniform and URI based reader of
+ stores that can contain keys, certificates, CRLs and numerous other
+ objects.
o Move the display of configuration data to configdata.pm.
o Allow GNU style "make variables" to be used with Configure.
- o Add a STORE module (OSSL_STORE)
o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
- o Add multi-prime RSA (RFC 8017) support
- o Add SM3 implemented according to GB/T 32905-2016
- o Add SM4 implemented according to GB/T 32907-2016.
- o Add 'Maximum Fragment Length' TLS extension negotiation and support
- o Add ARIA support
- o Add SHA3
o Rewrite of devcrypto engine
- o Add support for SipHash
- o Grand redesign of the OpenSSL random generator
+
+ Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
+
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
+ o Constructed ASN.1 types with a recursive definition could exceed the
+ stack (CVE-2018-0739)
+ o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
- o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+ o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: