diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-09-07 13:18:22 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-09-07 13:18:22 +0200 |
| commit | 95a444c9adcad04035704ab3b5d749a185ef0960 (patch) | |
| tree | f66acb7900546681b9f14f90b5ea86bcae8f09f0 /CHANGES.md | |
| parent | 8e7d941ade3a86e352d9c3d601f61c033dc6788b (diff) | |
Last minute NEWS and CHANGES entries for the 3.0 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16533)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 48 |
1 files changed, 46 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md index 5ed84e657a..58dffb15ef 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -38,6 +38,37 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now + deprecated. + + *Matt Caswell* + + * The `OPENSSL_s390xcap` environment variable can be used to set bits in the + S390X capability vector to zero. This simplifies testing of different code + paths on S390X architecture. + + *Patrick Steuer* + + * Encrypting more than 2^64 TLS records with AES-GCM is disallowed + as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from + SP 800-38D". The communication will fail at this point. + + *Paul Dale* + + * The EC_GROUP_clear_free() function is deprecated as there is nothing + confidential in EC_GROUP data. + + *Nicola Tuveri* + + * The byte order mark (BOM) character is ignored if encountered at the + beginning of a PEM-formatted file. + + *Dmitry Belyavskiy* + + * Added CMS support for the Russian GOST algorithms. + + *Dmitry Belyavskiy* + * Due to move of the implementation of cryptographic operations to the providers, validation of various operation parameters can be postponed until the actual operation is executed where previously @@ -521,6 +552,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* + * Added various `_ex` functions to the OpenSSL API that support using + a non-default `OSSL_LIB_CTX`. + + *OpenSSL team* + * Handshake now fails if Extended Master Secret extension is dropped on renegotiation. @@ -1234,11 +1270,19 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF. + * Added KB KDF (EVP_KDF_KB) to EVP_KDF. + + *Robbie Harwood* + + * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF. + + *Simo Sorce* + + * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF. *Shane Lontis* - * Add KMAC to EVP_MAC. + * Added KMAC to EVP_MAC. *Shane Lontis* |