diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-09-07 13:18:22 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2021-09-07 13:24:31 +0200 |
| commit | 00dbc7cc77d702c59a776b7726e54f3d29059f05 (patch) | |
| tree | b1e7a0613cb8113d44cce34b5c19c3fdd68ff9c8 /CHANGES.md | |
| parent | 4c4ab4d7efdf8c9b49c9838742a0fcd7321d88ff (diff) | |
Last minute NEWS and CHANGES entries for the 3.0 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16533)
(cherry picked from commit 95a444c9adcad04035704ab3b5d749a185ef0960)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 48 |
1 files changed, 46 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md index 5578b0e7e5..00d9246274 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,37 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now + deprecated. + + *Matt Caswell* + + * The `OPENSSL_s390xcap` environment variable can be used to set bits in the + S390X capability vector to zero. This simplifies testing of different code + paths on S390X architecture. + + *Patrick Steuer* + + * Encrypting more than 2^64 TLS records with AES-GCM is disallowed + as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from + SP 800-38D". The communication will fail at this point. + + *Paul Dale* + + * The EC_GROUP_clear_free() function is deprecated as there is nothing + confidential in EC_GROUP data. + + *Nicola Tuveri* + + * The byte order mark (BOM) character is ignored if encountered at the + beginning of a PEM-formatted file. + + *Dmitry Belyavskiy* + + * Added CMS support for the Russian GOST algorithms. + + *Dmitry Belyavskiy* + * Due to move of the implementation of cryptographic operations to the providers, validation of various operation parameters can be postponed until the actual operation is executed where previously @@ -513,6 +544,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* + * Added various `_ex` functions to the OpenSSL API that support using + a non-default `OSSL_LIB_CTX`. + + *OpenSSL team* + * Handshake now fails if Extended Master Secret extension is dropped on renegotiation. @@ -1226,11 +1262,19 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF. + * Added KB KDF (EVP_KDF_KB) to EVP_KDF. + + *Robbie Harwood* + + * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF. + + *Simo Sorce* + + * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF. *Shane Lontis* - * Add KMAC to EVP_MAC. + * Added KMAC to EVP_MAC. *Shane Lontis* |