diff options
| author | Matt Caswell <matt@openssl.org> | 2018-09-10 11:51:30 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-09-10 13:59:46 +0100 |
| commit | 3f8b623aaa4044908900767a8991b7769b320880 (patch) | |
| tree | c97acbe3409428813bb00bb2275e772ece49b8ce | |
| parent | 7a8f6cad82d0b01732066bd7ef189e753c98cffe (diff) | |
Updates NEWS for the 1.1.1 release
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7164)
| -rw-r--r-- | NEWS | 35 |
1 files changed, 26 insertions, 9 deletions
@@ -8,19 +8,36 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] o Support for TLSv1.3 added + o Complete rewrite of the OpenSSL random number generator to introduce the + following capabilities + o The default RAND method now utilizes an AES-CTR DRBG according to + NIST standard SP 800-90Ar1. + o Support for multiple DRBG instances with seed chaining. + o There is a public and private DRBG instance. + o The DRBG instances are fork-safe. + o Keep all global DRBG instances on the secure heap if it is enabled. + o The public and private DRBG instance are per thread for lock free + operation + o Support for various new cryptographic algorithms including: + o SHA3 + o SHA512/224 and SHA512/256 + o EdDSA (including Ed25519 and Ed448) + o X448 (adding to the existing X25519 support in 1.1.0) + o Multi-prime RSA + o SM2 + o SM3 + o SM4 + o SipHash + o ARIA (including TLS support) + o Significant Side-Channel attack security improvements + o Add 'Maximum Fragment Length' TLS extension negotiation and support + o A new STORE module, which implements a uniform and URI based reader of + stores that can contain keys, certificates, CRLs and numerous other + objects. o Move the display of configuration data to configdata.pm. o Allow GNU style "make variables" to be used with Configure. - o Add a STORE module (OSSL_STORE) o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes - o Add multi-prime RSA (RFC 8017) support - o Add SM3 implemented according to GB/T 32905-2016 - o Add SM4 implemented according to GB/T 32907-2016. - o Add 'Maximum Fragment Length' TLS extension negotiation and support - o Add ARIA support - o Add SHA3 o Rewrite of devcrypto engine - o Add support for SipHash - o Grand redesign of the OpenSSL random generator Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development] |