1NEWS 2==== 3 4This file gives a brief overview of the major changes between each OpenSSL 5release. For more details please read the CHANGES file. 6 7OpenSSL Releases 8---------------- 9 10 - [OpenSSL 3.0](#openssl-30) 11 - [OpenSSL 1.1.1](#openssl-111) 12 - [OpenSSL 1.1.0](#openssl-110) 13 - [OpenSSL 1.0.2](#openssl-102) 14 - [OpenSSL 1.0.1](#openssl-101) 15 - [OpenSSL 1.0.0](#openssl-100) 16 - [OpenSSL 0.9.x](#openssl-09x) 17 18OpenSSL 3.0 19----------- 20 21### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023] 22 23 * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817]) 24 * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446]) 25 * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975]) 26 27### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023] 28 29 * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT 30 IDENTIFIER sub-identities. ([CVE-2023-2650]) 31 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms 32 ([CVE-2023-1255]) 33 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466]) 34 * Fixed handling of invalid certificate policies in leaf certificates 35 ([CVE-2023-0465]) 36 * Limited the number of nodes created in a policy tree ([CVE-2023-0464]) 37 38### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] 39 40 * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) 41 * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286]) 42 * Fixed NULL dereference validating DSA public key ([CVE-2023-0217]) 43 * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216]) 44 * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215]) 45 * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450]) 46 * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304]) 47 * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203]) 48 * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996]) 49 50### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022] 51 52 * Added RIPEMD160 to the default provider. 53 * Fixed regressions introduced in 3.0.6 version. 54 * Fixed two buffer overflows in punycode decoding functions. 55 ([CVE-2022-3786]) and ([CVE-2022-3602]) 56 57### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022] 58 59 * Fix for custom ciphers to prevent accidental use of NULL encryption 60 ([CVE-2022-3358]) 61 62### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022] 63 64 * Fixed heap memory corruption with RSA private key operation 65 ([CVE-2022-2274]) 66 * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms 67 ([CVE-2022-2097]) 68 69### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] 70 71 * Fixed additional bugs in the c_rehash script which was not properly 72 sanitising shell metacharacters to prevent command injection 73 ([CVE-2022-2068]) 74 75### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022] 76 77 * Fixed a bug in the c_rehash script which was not properly sanitising shell 78 metacharacters to prevent command injection ([CVE-2022-1292]) 79 * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer 80 certificate on an OCSP response ([CVE-2022-1343]) 81 * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the 82 AAD data as the MAC key ([CVE-2022-1434]) 83 * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory 84 occuppied by the removed hash table entries ([CVE-2022-1473]) 85 86### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] 87 88 * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever 89 for non-prime moduli ([CVE-2022-0778]) 90 91### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021] 92 93 * Fixed invalid handling of X509_verify_cert() internal errors in libssl 94 ([CVE-2021-4044]) 95 * Allow fetching an operation from the provider that owns an unexportable key 96 as a fallback if that is still allowed by the property query. 97 98### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021] 99 100 * Enhanced 'openssl list' with many new options. 101 * Added migration guide to man7. 102 * Implemented support for fully "pluggable" TLSv1.3 groups. 103 * Added suport for Kernel TLS (KTLS). 104 * Changed the license to the Apache License v2.0. 105 * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, 106 RC4, RC5, and DES to the legacy provider. 107 * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy 108 provider. 109 * Added convenience functions for generating asymmetric key pairs. 110 * Deprecated the `OCSP_REQ_CTX` type and functions. 111 * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. 112 * Deprecated the `RSA` and `RSA_METHOD` types and functions. 113 * Deprecated the `DSA` and `DSA_METHOD` types and functions. 114 * Deprecated the `DH` and `DH_METHOD` types and functions. 115 * Deprecated the `ERR_load_` functions. 116 * Remove the `RAND_DRBG` API. 117 * Deprecated the `ENGINE` API. 118 * Added `OSSL_LIB_CTX`, a libcrypto library context. 119 * Added various `_ex` functions to the OpenSSL API that support using 120 a non-default `OSSL_LIB_CTX`. 121 * Interactive mode is removed from the 'openssl' program. 122 * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are 123 included in the FIPS provider. 124 * X509 certificates signed using SHA1 are no longer allowed at security 125 level 1 or higher. The default security level for TLS is 1, so 126 certificates signed using SHA1 are by default no longer trusted to 127 authenticate servers or clients. 128 * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly 129 disabled; the project uses address sanitize/leak-detect instead. 130 * Added a Certificate Management Protocol (CMP, RFC 4210) implementation 131 also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). 132 It is part of the crypto lib and adds a 'cmp' app with a demo configuration. 133 All widely used CMP features are supported for both clients and servers. 134 * Added a proper HTTP client supporting GET with optional redirection, POST, 135 arbitrary request and response content types, TLS, persistent connections, 136 connections via HTTP(s) proxies, connections and exchange via user-defined 137 BIOs (allowing implicit connections), and timeout checks. 138 * Added util/check-format.pl for checking adherence to the coding guidelines. 139 * Added OSSL_ENCODER, a generic encoder API. 140 * Added OSSL_DECODER, a generic decoder API. 141 * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. 142 * Added error raising macros, ERR_raise() and ERR_raise_data(). 143 * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), 144 ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and 145 ERR_func_error_string(). 146 * Added OSSL_PROVIDER_available(), to check provider availibility. 147 * Added 'openssl mac' that uses the EVP_MAC API. 148 * Added 'openssl kdf' that uses the EVP_KDF API. 149 * Add OPENSSL_info() and 'openssl info' to get built-in data. 150 * Add support for enabling instrumentation through trace and debug 151 output. 152 * Changed our version number scheme and set the next major release to 153 3.0.0 154 * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC 155 bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305 156 and SIPHASH. 157 * Removed the heartbeat message in DTLS feature. 158 * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to 159 EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2, 160 PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF. 161 * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, 162 SHA256, SHA384, SHA512 and Whirlpool digest functions have been 163 deprecated. 164 * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, 165 RC4, RC5 and SEED cipher functions have been deprecated. 166 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions 167 have been deprecated. 168 * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, 169 except when RSA key exchange without SHA1 is used. 170 * Added providers, a new pluggability concept that will replace the 171 ENGINE API and ENGINE implementations. 172 173OpenSSL 1.1.1 174------------- 175 176### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] 177 178 * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) 179 * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) 180 181### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] 182 183 * Fixed a problem with verifying a certificate chain when using the 184 X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) 185 * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously 186 crafted renegotiation ClientHello message from a client ([CVE-2021-3449]) 187 188### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] 189 190 * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() 191 function ([CVE-2021-23841]) 192 * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING 193 padding mode to correctly check for rollback attacks 194 * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and 195 EVP_DecryptUpdate functions ([CVE-2021-23840]) 196 * Fixed SRP_Calc_client_key so that it runs in constant time 197 198### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] 199 200 * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971]) 201 202### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] 203 204 * Disallow explicit curve parameters in verifications chains when 205 X509_V_FLAG_X509_STRICT is used 206 * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS 207 contexts 208 * Oracle Developer Studio will start reporting deprecation warnings 209 210### Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] 211 212 * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967]) 213 214### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] 215 216 * Revert the unexpected EOF reporting via SSL_ERROR_SSL 217 218### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] 219 220 * Fixed an overflow bug in the x64_64 Montgomery squaring procedure 221 used in exponentiation with 512-bit moduli ([CVE-2019-1551]) 222 223### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] 224 225 * Fixed a fork protection issue ([CVE-2019-1549]) 226 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 227 ([CVE-2019-1563]) 228 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 229 used even when parsing explicit parameters 230 * Compute ECC cofactors if not provided during EC_GROUP construction 231 ([CVE-2019-1547]) 232 * Early start up entropy quality from the DEVRANDOM seed source has been 233 improved for older Linux systems 234 * Correct the extended master secret constant on EBCDIC systems 235 * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) 236 * Changed DH_check to accept parameters with order q and 2q subgroups 237 * Significantly reduce secure memory usage by the randomness pools 238 * Revert the DEVRANDOM_WAIT feature for Linux systems 239 240### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] 241 242 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) 243 244### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] 245 246 * Change the info callback signals for the start and end of a post-handshake 247 message exchange in TLSv1.3. 248 * Fix a bug in DTLS over SCTP. This breaks interoperability with older 249 versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. 250 251### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] 252 253 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 254 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) 255 256### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] 257 258 * Support for TLSv1.3 added. The TLSv1.3 implementation includes: 259 * Fully compliant implementation of RFC8446 (TLSv1.3) on by default 260 * Early data (0-RTT) 261 * Post-handshake authentication and key update 262 * Middlebox Compatibility Mode 263 * TLSv1.3 PSKs 264 * Support for all five RFC8446 ciphersuites 265 * RSA-PSS signature algorithms (backported to TLSv1.2) 266 * Configurable session ticket support 267 * Stateless server support 268 * Rewrite of the packet construction code for "safer" packet handling 269 * Rewrite of the extension handling code 270 For further important information, see the [TLS1.3 page]( 271 https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki. 272 273 * Complete rewrite of the OpenSSL random number generator to introduce the 274 following capabilities 275 * The default RAND method now utilizes an AES-CTR DRBG according to 276 NIST standard SP 800-90Ar1. 277 * Support for multiple DRBG instances with seed chaining. 278 * There is a public and private DRBG instance. 279 * The DRBG instances are fork-safe. 280 * Keep all global DRBG instances on the secure heap if it is enabled. 281 * The public and private DRBG instance are per thread for lock free 282 operation 283 * Support for various new cryptographic algorithms including: 284 * SHA3 285 * SHA512/224 and SHA512/256 286 * EdDSA (both Ed25519 and Ed448) including X509 and TLS support 287 * X448 (adding to the existing X25519 support in 1.1.0) 288 * Multi-prime RSA 289 * SM2 290 * SM3 291 * SM4 292 * SipHash 293 * ARIA (including TLS support) 294 * Significant Side-Channel attack security improvements 295 * Add a new ClientHello callback to provide the ability to adjust the SSL 296 object at an early stage. 297 * Add 'Maximum Fragment Length' TLS extension negotiation and support 298 * A new STORE module, which implements a uniform and URI based reader of 299 stores that can contain keys, certificates, CRLs and numerous other 300 objects. 301 * Move the display of configuration data to configdata.pm. 302 * Allow GNU style "make variables" to be used with Configure. 303 * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes 304 * Rewrite of devcrypto engine 305 306OpenSSL 1.1.0 307------------- 308 309### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] 310 311 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 312 ([CVE-2019-1563]) 313 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 314 used even when parsing explicit parameters 315 * Compute ECC cofactors if not provided during EC_GROUP construction 316 ([CVE-2019-1547]) 317 * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) 318 319### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] 320 321 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) 322 323### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] 324 325 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 326 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) 327 328### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] 329 330 * Client DoS due to large DH parameter ([CVE-2018-0732]) 331 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) 332 333### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] 334 335 * Constructed ASN.1 types with a recursive definition could exceed the 336 stack ([CVE-2018-0739]) 337 * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733]) 338 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) 339 340### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] 341 342 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) 343 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) 344 345### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] 346 347 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw 348 349### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] 350 351 * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733]) 352 353### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] 354 355 * Truncated packet could crash via OOB read ([CVE-2017-3731]) 356 * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730]) 357 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) 358 359### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] 360 361 * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054]) 362 * CMS Null dereference ([CVE-2016-7053]) 363 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) 364 365### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] 366 367 * Fix Use After Free for large message sizes ([CVE-2016-6309]) 368 369### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] 370 371 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) 372 * SSL_peek() hang on empty record ([CVE-2016-6305]) 373 * Excessive allocation of memory in tls_get_message_header() 374 ([CVE-2016-6307]) 375 * Excessive allocation of memory in dtls1_preprocess_fragment() 376 ([CVE-2016-6308]) 377 378### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] 379 380 * Copyright text was shrunk to a boilerplate that points to the license 381 * "shared" builds are now the default when possible 382 * Added support for "pipelining" 383 * Added the AFALG engine 384 * New threading API implemented 385 * Support for ChaCha20 and Poly1305 added to libcrypto and libssl 386 * Support for extended master secret 387 * CCM ciphersuites 388 * Reworked test suite, now based on perl, Test::Harness and Test::More 389 * *Most* libcrypto and libssl public structures were made opaque, 390 including: 391 BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, 392 DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, 393 BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, 394 EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, 395 X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, 396 X509_LOOKUP, X509_LOOKUP_METHOD 397 * libssl internal structures made opaque 398 * SSLv2 support removed 399 * Kerberos ciphersuite support removed 400 * RC4 removed from DEFAULT ciphersuites in libssl 401 * 40 and 56 bit cipher support removed from libssl 402 * All public header files moved to include/openssl, no more symlinking 403 * SSL/TLS state machine, version negotiation and record layer rewritten 404 * EC revision: now operations use new EC_KEY_METHOD. 405 * Support for OCB mode added to libcrypto 406 * Support for asynchronous crypto operations added to libcrypto and libssl 407 * Deprecated interfaces can now be disabled at build time either 408 relative to the latest release via the "no-deprecated" Configure 409 argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. 410 * Application software can be compiled with -DOPENSSL_API_COMPAT=version 411 to ensure that features deprecated in that version are not exposed. 412 * Support for RFC6698/RFC7671 DANE TLSA peer authentication 413 * Change of Configure to use --prefix as the main installation 414 directory location rather than --openssldir. The latter becomes 415 the directory for certs, private key and openssl.cnf exclusively. 416 * Reworked BIO networking library, with full support for IPv6. 417 * New "unified" build system 418 * New security levels 419 * Support for scrypt algorithm 420 * Support for X25519 421 * Extended SSL_CONF support using configuration files 422 * KDF algorithm support. Implement TLS PRF as a KDF. 423 * Support for Certificate Transparency 424 * HKDF support. 425 426OpenSSL 1.0.2 427------------- 428 429### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] 430 431 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 432 ([CVE-2019-1563]) 433 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 434 used even when parsing explicit parameters 435 * Compute ECC cofactors if not provided during EC_GROUP construction 436 ([CVE-2019-1547]) 437 * Document issue with installation paths in diverse Windows builds 438 ([CVE-2019-1552]) 439 440### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] 441 442 * None 443 444### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] 445 446 * 0-byte record padding oracle ([CVE-2019-1559]) 447 448### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] 449 450 * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407]) 451 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 452 453### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] 454 455 * Client DoS due to large DH parameter ([CVE-2018-0732]) 456 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) 457 458### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] 459 460 * Constructed ASN.1 types with a recursive definition could exceed the 461 stack ([CVE-2018-0739]) 462 463### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] 464 465 * Read/write after SSL object in error state ([CVE-2017-3737]) 466 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) 467 468### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] 469 470 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) 471 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) 472 473### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] 474 475 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw 476 477### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] 478 479 * Truncated packet could crash via OOB read ([CVE-2017-3731]) 480 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) 481 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) 482 483### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] 484 485 * Missing CRL sanity check ([CVE-2016-7052]) 486 487### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] 488 489 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) 490 * SWEET32 Mitigation ([CVE-2016-2183]) 491 * OOB write in MDC2_Update() ([CVE-2016-6303]) 492 * Malformed SHA512 ticket DoS ([CVE-2016-6302]) 493 * OOB write in BN_bn2dec() ([CVE-2016-2182]) 494 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) 495 * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) 496 * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) 497 * DTLS buffered message DoS ([CVE-2016-2179]) 498 * DTLS replay protection DoS ([CVE-2016-2181]) 499 * Certificate message OOB reads ([CVE-2016-6306]) 500 501### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] 502 503 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) 504 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) 505 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) 506 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) 507 * EBCDIC overread ([CVE-2016-2176]) 508 * Modify behavior of ALPN to invoke callback after SNI/servername 509 callback, such that updates to the SSL_CTX affect ALPN. 510 * Remove LOW from the DEFAULT cipher list. This removes singles DES from 511 the default. 512 * Only remove the SSLv2 methods with the no-ssl2-method option. 513 514### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] 515 516 * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. 517 * Disable SSLv2 default build, default negotiation and weak ciphers 518 ([CVE-2016-0800]) 519 * Fix a double-free in DSA code ([CVE-2016-0705]) 520 * Disable SRP fake user seed to address a server memory leak 521 ([CVE-2016-0798]) 522 * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 523 ([CVE-2016-0797]) 524 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) 525 * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) 526 527### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] 528 529 * DH small subgroups ([CVE-2016-0701]) 530 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) 531 532### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] 533 534 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193]) 535 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) 536 * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) 537 * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs 538 * In DSA_generate_parameters_ex, if the provided seed is too short, 539 return an error 540 541### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] 542 543 * Alternate chains certificate forgery ([CVE-2015-1793]) 544 * Race condition handling PSK identify hint ([CVE-2015-3196]) 545 546### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] 547 548 * Fix HMAC ABI incompatibility 549 550### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] 551 552 * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) 553 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) 554 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) 555 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) 556 * Race condition handling NewSessionTicket ([CVE-2015-1791]) 557 558### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] 559 560 * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291]) 561 * Multiblock corrupted pointer fix ([CVE-2015-0290]) 562 * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207]) 563 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) 564 * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208]) 565 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) 566 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) 567 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) 568 * Empty CKE with client auth and DHE fix ([CVE-2015-1787]) 569 * Handshake with unseeded PRNG fix ([CVE-2015-0285]) 570 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) 571 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) 572 * Removed the export ciphers from the DEFAULT ciphers 573 574### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] 575 576 * Suite B support for TLS 1.2 and DTLS 1.2 577 * Support for DTLS 1.2 578 * TLS automatic EC curve selection. 579 * API to set TLS supported signature algorithms and curves 580 * SSL_CONF configuration API. 581 * TLS Brainpool support. 582 * ALPN support. 583 * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. 584 585OpenSSL 1.0.1 586------------- 587 588### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] 589 590 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) 591 * SWEET32 Mitigation ([CVE-2016-2183]) 592 * OOB write in MDC2_Update() ([CVE-2016-6303]) 593 * Malformed SHA512 ticket DoS ([CVE-2016-6302]) 594 * OOB write in BN_bn2dec() ([CVE-2016-2182]) 595 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) 596 * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) 597 * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) 598 * DTLS buffered message DoS ([CVE-2016-2179]) 599 * DTLS replay protection DoS ([CVE-2016-2181]) 600 * Certificate message OOB reads ([CVE-2016-6306]) 601 602### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] 603 604 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) 605 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) 606 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) 607 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) 608 * EBCDIC overread ([CVE-2016-2176]) 609 * Modify behavior of ALPN to invoke callback after SNI/servername 610 callback, such that updates to the SSL_CTX affect ALPN. 611 * Remove LOW from the DEFAULT cipher list. This removes singles DES from 612 the default. 613 * Only remove the SSLv2 methods with the no-ssl2-method option. 614 615### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] 616 617 * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. 618 * Disable SSLv2 default build, default negotiation and weak ciphers 619 ([CVE-2016-0800]) 620 * Fix a double-free in DSA code ([CVE-2016-0705]) 621 * Disable SRP fake user seed to address a server memory leak 622 ([CVE-2016-0798]) 623 * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 624 ([CVE-2016-0797]) 625 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) 626 * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) 627 628### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] 629 630 * Protection for DH small subgroup attacks 631 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) 632 633### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] 634 635 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) 636 * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) 637 * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs 638 * In DSA_generate_parameters_ex, if the provided seed is too short, 639 return an error 640 641### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] 642 643 * Alternate chains certificate forgery ([CVE-2015-1793]) 644 * Race condition handling PSK identify hint ([CVE-2015-3196]) 645 646### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] 647 648 * Fix HMAC ABI incompatibility 649 650### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] 651 652 * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) 653 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) 654 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) 655 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) 656 * Race condition handling NewSessionTicket ([CVE-2015-1791]) 657 658### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] 659 660 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) 661 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) 662 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) 663 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) 664 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) 665 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) 666 * Removed the export ciphers from the DEFAULT ciphers 667 668### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] 669 670 * Build fixes for the Windows and OpenVMS platforms 671 672### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] 673 674 * Fix for [CVE-2014-3571] 675 * Fix for [CVE-2015-0206] 676 * Fix for [CVE-2014-3569] 677 * Fix for [CVE-2014-3572] 678 * Fix for [CVE-2015-0204] 679 * Fix for [CVE-2015-0205] 680 * Fix for [CVE-2014-8275] 681 * Fix for [CVE-2014-3570] 682 683### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] 684 685 * Fix for [CVE-2014-3513] 686 * Fix for [CVE-2014-3567] 687 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) 688 * Fix for [CVE-2014-3568] 689 690### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] 691 692 * Fix for [CVE-2014-3512] 693 * Fix for [CVE-2014-3511] 694 * Fix for [CVE-2014-3510] 695 * Fix for [CVE-2014-3507] 696 * Fix for [CVE-2014-3506] 697 * Fix for [CVE-2014-3505] 698 * Fix for [CVE-2014-3509] 699 * Fix for [CVE-2014-5139] 700 * Fix for [CVE-2014-3508] 701 702### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] 703 704 * Fix for [CVE-2014-0224] 705 * Fix for [CVE-2014-0221] 706 * Fix for [CVE-2014-0198] 707 * Fix for [CVE-2014-0195] 708 * Fix for [CVE-2014-3470] 709 * Fix for [CVE-2010-5298] 710 711### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] 712 713 * Fix for [CVE-2014-0160] 714 * Add TLS padding extension workaround for broken servers. 715 * Fix for [CVE-2014-0076] 716 717### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] 718 719 * Don't include gmt_unix_time in TLS server and client random values 720 * Fix for TLS record tampering bug ([CVE-2013-4353]) 721 * Fix for TLS version checking bug ([CVE-2013-6449]) 722 * Fix for DTLS retransmission bug ([CVE-2013-6450]) 723 724### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] 725 726 * Corrected fix for ([CVE-2013-0169]) 727 728### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] 729 730 * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. 731 * Include the fips configuration module. 732 * Fix OCSP bad key DoS attack ([CVE-2013-0166]) 733 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) 734 * Fix for TLS AESNI record handling flaw ([CVE-2012-2686]) 735 736### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] 737 738 * Fix TLS/DTLS record length checking bug ([CVE-2012-2333]) 739 * Don't attempt to use non-FIPS composite ciphers in FIPS mode. 740 741### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] 742 743 * Fix compilation error on non-x86 platforms. 744 * Make FIPS capable OpenSSL ciphers work in non-FIPS mode. 745 * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 746 747### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] 748 749 * Fix for ASN1 overflow bug ([CVE-2012-2110]) 750 * Workarounds for some servers that hang on long client hellos. 751 * Fix SEGV in AES code. 752 753### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] 754 755 * TLS/DTLS heartbeat support. 756 * SCTP support. 757 * RFC 5705 TLS key material exporter. 758 * RFC 5764 DTLS-SRTP negotiation. 759 * Next Protocol Negotiation. 760 * PSS signatures in certificates, requests and CRLs. 761 * Support for password based recipient info for CMS. 762 * Support TLS v1.2 and TLS v1.1. 763 * Preliminary FIPS capability for unvalidated 2.0 FIPS module. 764 * SRP support. 765 766OpenSSL 1.0.0 767------------- 768 769### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] 770 771 * X509_ATTRIBUTE memory leak (([CVE-2015-3195])) 772 * Race condition handling PSK identify hint ([CVE-2015-3196]) 773 774### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] 775 776 * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) 777 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) 778 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) 779 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) 780 * Race condition handling NewSessionTicket ([CVE-2015-1791]) 781 782### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] 783 784 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) 785 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) 786 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) 787 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) 788 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) 789 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) 790 * Removed the export ciphers from the DEFAULT ciphers 791 792### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] 793 794 * Build fixes for the Windows and OpenVMS platforms 795 796### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] 797 798 * Fix for [CVE-2014-3571] 799 * Fix for [CVE-2015-0206] 800 * Fix for [CVE-2014-3569] 801 * Fix for [CVE-2014-3572] 802 * Fix for [CVE-2015-0204] 803 * Fix for [CVE-2015-0205] 804 * Fix for [CVE-2014-8275] 805 * Fix for [CVE-2014-3570] 806 807### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] 808 809 * Fix for [CVE-2014-3513] 810 * Fix for [CVE-2014-3567] 811 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) 812 * Fix for [CVE-2014-3568] 813 814### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] 815 816 * Fix for [CVE-2014-3510] 817 * Fix for [CVE-2014-3507] 818 * Fix for [CVE-2014-3506] 819 * Fix for [CVE-2014-3505] 820 * Fix for [CVE-2014-3509] 821 * Fix for [CVE-2014-3508] 822 823 Known issues in OpenSSL 1.0.0m: 824 825 * EAP-FAST and other applications using tls_session_secret_cb 826 won't resume sessions. Fixed in 1.0.0n-dev 827 * Compilation failure of s3_pkt.c on some platforms due to missing 828 `<limits.h>` include. Fixed in 1.0.0n-dev 829 830### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] 831 832 * Fix for [CVE-2014-0224] 833 * Fix for [CVE-2014-0221] 834 * Fix for [CVE-2014-0198] 835 * Fix for [CVE-2014-0195] 836 * Fix for [CVE-2014-3470] 837 * Fix for [CVE-2014-0076] 838 * Fix for [CVE-2010-5298] 839 840### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] 841 842 * Fix for DTLS retransmission bug ([CVE-2013-6450]) 843 844### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] 845 846 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) 847 * Fix OCSP bad key DoS attack ([CVE-2013-0166]) 848 849### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] 850 851 * Fix DTLS record length checking bug ([CVE-2012-2333]) 852 853### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] 854 855 * Fix for ASN1 overflow bug ([CVE-2012-2110]) 856 857### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] 858 859 * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884]) 860 * Corrected fix for ([CVE-2011-4619]) 861 * Various DTLS fixes. 862 863### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] 864 865 * Fix for DTLS DoS issue ([CVE-2012-0050]) 866 867### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] 868 869 * Fix for DTLS plaintext recovery attack ([CVE-2011-4108]) 870 * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576]) 871 * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619]) 872 * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027]) 873 * Check for malformed RFC3779 data ([CVE-2011-4577]) 874 875### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] 876 877 * Fix for CRL vulnerability issue ([CVE-2011-3207]) 878 * Fix for ECDH crashes ([CVE-2011-3210]) 879 * Protection against EC timing attacks. 880 * Support ECDH ciphersuites for certificates using SHA2 algorithms. 881 * Various DTLS fixes. 882 883### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] 884 885 * Fix for security issue ([CVE-2011-0014]) 886 887### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] 888 889 * Fix for security issue ([CVE-2010-4180]) 890 * Fix for ([CVE-2010-4252]) 891 * Fix mishandling of absent EC point format extension. 892 * Fix various platform compilation issues. 893 * Corrected fix for security issue ([CVE-2010-3864]). 894 895### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] 896 897 * Fix for security issue ([CVE-2010-3864]). 898 * Fix for ([CVE-2010-2939]) 899 * Fix WIN32 build system for GOST ENGINE. 900 901### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] 902 903 * Fix for security issue ([CVE-2010-1633]). 904 * GOST MAC and CFB fixes. 905 906### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] 907 908 * RFC3280 path validation: sufficient to process PKITS tests. 909 * Integrated support for PVK files and keyblobs. 910 * Change default private key format to PKCS#8. 911 * CMS support: able to process all examples in RFC4134 912 * Streaming ASN1 encode support for PKCS#7 and CMS. 913 * Multiple signer and signer add support for PKCS#7 and CMS. 914 * ASN1 printing support. 915 * Whirlpool hash algorithm added. 916 * RFC3161 time stamp support. 917 * New generalised public key API supporting ENGINE based algorithms. 918 * New generalised public key API utilities. 919 * New ENGINE supporting GOST algorithms. 920 * SSL/TLS GOST ciphersuite support. 921 * PKCS#7 and CMS GOST support. 922 * RFC4279 PSK ciphersuite support. 923 * Supported points format extension for ECC ciphersuites. 924 * ecdsa-with-SHA224/256/384/512 signature types. 925 * dsa-with-SHA224 and dsa-with-SHA256 signature types. 926 * Opaque PRF Input TLS extension support. 927 * Updated time routines to avoid OS limitations. 928 929OpenSSL 0.9.x 930------------- 931 932### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] 933 934 * CFB cipher definition fixes. 935 * Fix security issues [CVE-2010-0740] and [CVE-2010-0433]. 936 937### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] 938 939 * Cipher definition fixes. 940 * Workaround for slow RAND_poll() on some WIN32 versions. 941 * Remove MD2 from algorithm tables. 942 * SPKAC handling fixes. 943 * Support for RFC5746 TLS renegotiation extension. 944 * Compression memory leak fixed. 945 * Compression session resumption fixed. 946 * Ticket and SNI coexistence fixes. 947 * Many fixes to DTLS handling. 948 949### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] 950 951 * Temporary work around for [CVE-2009-3555]: disable renegotiation. 952 953### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] 954 955 * Fix various build issues. 956 * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789] 957 958### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] 959 960 * Fix security issue ([CVE-2008-5077]) 961 * Merge FIPS 140-2 branch code. 962 963### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] 964 965 * CryptoAPI ENGINE support. 966 * Various precautionary measures. 967 * Fix for bugs affecting certificate request creation. 968 * Support for local machine keyset attribute in PKCS#12 files. 969 970### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] 971 972 * Backport of CMS functionality to 0.9.8. 973 * Fixes for bugs introduced with 0.9.8f. 974 975### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] 976 977 * Add gcc 4.2 support. 978 * Add support for AES and SSE2 assembly language optimization 979 for VC++ build. 980 * Support for RFC4507bis and server name extensions if explicitly 981 selected at compile time. 982 * DTLS improvements. 983 * RFC4507bis support. 984 * TLS Extensions support. 985 986### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] 987 988 * Various ciphersuite selection fixes. 989 * RFC3779 support. 990 991### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] 992 993 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) 994 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] 995 * Changes to ciphersuite selection algorithm 996 997### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] 998 999 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] 1000 * New cipher Camellia 1001 1002### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] 1003 1004 * Cipher string fixes. 1005 * Fixes for VC++ 2005. 1006 * Updated ECC cipher suite support. 1007 * New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). 1008 * Zlib compression usage fixes. 1009 * Built in dynamic engine compilation support on Win32. 1010 * Fixes auto dynamic engine loading in Win32. 1011 1012### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] 1013 1014 * Fix potential SSL 2.0 rollback ([CVE-2005-2969]) 1015 * Extended Windows CE support 1016 1017### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] 1018 1019 * Major work on the BIGNUM library for higher efficiency and to 1020 make operations more streamlined and less contradictory. This 1021 is the result of a major audit of the BIGNUM library. 1022 * Addition of BIGNUM functions for fields GF(2^m) and NIST 1023 curves, to support the Elliptic Crypto functions. 1024 * Major work on Elliptic Crypto; ECDH and ECDSA added, including 1025 the use through EVP, X509 and ENGINE. 1026 * New ASN.1 mini-compiler that's usable through the OpenSSL 1027 configuration file. 1028 * Added support for ASN.1 indefinite length constructed encoding. 1029 * New PKCS#12 'medium level' API to manipulate PKCS#12 files. 1030 * Complete rework of shared library construction and linking 1031 programs with shared or static libraries, through a separate 1032 Makefile.shared. 1033 * Rework of the passing of parameters from one Makefile to another. 1034 * Changed ENGINE framework to load dynamic engine modules 1035 automatically from specifically given directories. 1036 * New structure and ASN.1 functions for CertificatePair. 1037 * Changed the ZLIB compression method to be stateful. 1038 * Changed the key-generation and primality testing "progress" 1039 mechanism to take a structure that contains the ticker 1040 function and an argument. 1041 * New engine module: GMP (performs private key exponentiation). 1042 * New engine module: VIA PadLOck ACE extension in VIA C3 1043 Nehemiah processors. 1044 * Added support for IPv6 addresses in certificate extensions. 1045 See RFC 1884, section 2.2. 1046 * Added support for certificate policy mappings, policy 1047 constraints and name constraints. 1048 * Added support for multi-valued AVAs in the OpenSSL 1049 configuration file. 1050 * Added support for multiple certificates with the same subject 1051 in the 'openssl ca' index file. 1052 * Make it possible to create self-signed certificates using 1053 'openssl ca -selfsign'. 1054 * Make it possible to generate a serial number file with 1055 'openssl ca -create_serial'. 1056 * New binary search functions with extended functionality. 1057 * New BUF functions. 1058 * New STORE structure and library to provide an interface to all 1059 sorts of data repositories. Supports storage of public and 1060 private keys, certificates, CRLs, numbers and arbitrary blobs. 1061 This library is unfortunately unfinished and unused within 1062 OpenSSL. 1063 * New control functions for the error stack. 1064 * Changed the PKCS#7 library to support one-pass S/MIME 1065 processing. 1066 * Added the possibility to compile without old deprecated 1067 functionality with the OPENSSL_NO_DEPRECATED macro or the 1068 'no-deprecated' argument to the config and Configure scripts. 1069 * Constification of all ASN.1 conversion functions, and other 1070 affected functions. 1071 * Improved platform support for PowerPC. 1072 * New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). 1073 * New X509_VERIFY_PARAM structure to support parameterisation 1074 of X.509 path validation. 1075 * Major overhaul of RC4 performance on Intel P4, IA-64 and 1076 AMD64. 1077 * Changed the Configure script to have some algorithms disabled 1078 by default. Those can be explicitly enabled with the new 1079 argument form 'enable-xxx'. 1080 * Change the default digest in 'openssl' commands from MD5 to 1081 SHA-1. 1082 * Added support for DTLS. 1083 * New BIGNUM blinding. 1084 * Added support for the RSA-PSS encryption scheme 1085 * Added support for the RSA X.931 padding. 1086 * Added support for BSD sockets on NetWare. 1087 * Added support for files larger than 2GB. 1088 * Added initial support for Win64. 1089 * Added alternate pkg-config files. 1090 1091### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] 1092 1093 * FIPS 1.1.1 module linking. 1094 * Various ciphersuite selection fixes. 1095 1096### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] 1097 1098 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) 1099 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] 1100 1101### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] 1102 1103 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] 1104 1105### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] 1106 1107 * Visual C++ 2005 fixes. 1108 * Update Windows build system for FIPS. 1109 1110### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] 1111 1112 * Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. 1113 1114### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] 1115 1116 * Fix SSL 2.0 Rollback ([CVE-2005-2969]) 1117 * Allow use of fixed-length exponent on DSA signing 1118 * Default fixed-window RSA, DSA, DH private-key operations 1119 1120### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] 1121 1122 * More compilation issues fixed. 1123 * Adaptation to more modern Kerberos API. 1124 * Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. 1125 * Enhanced x86_64 assembler BIGNUM module. 1126 * More constification. 1127 * Added processing of proxy certificates (RFC 3820). 1128 1129### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] 1130 1131 * Several compilation issues fixed. 1132 * Many memory allocation failure checks added. 1133 * Improved comparison of X509 Name type. 1134 * Mandatory basic checks on certificates. 1135 * Performance improvements. 1136 1137### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] 1138 1139 * Fix race condition in CRL checking code. 1140 * Fixes to PKCS#7 (S/MIME) code. 1141 1142### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] 1143 1144 * Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug 1145 * Security: Fix null-pointer assignment in do_change_cipher_spec() 1146 * Allow multiple active certificates with same subject in CA index 1147 * Multiple X509 verification fixes 1148 * Speed up HMAC and other operations 1149 1150### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] 1151 1152 * Security: fix various ASN1 parsing bugs. 1153 * New -ignore_err option to OCSP utility. 1154 * Various interop and bug fixes in S/MIME code. 1155 * SSL/TLS protocol fix for unrequested client certificates. 1156 1157### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] 1158 1159 * Security: counter the Klima-Pokorny-Rosa extension of 1160 Bleichbacher's attack 1161 * Security: make RSA blinding default. 1162 * Configuration: Irix fixes, AIX fixes, better mingw support. 1163 * Support for new platforms: linux-ia64-ecc. 1164 * Build: shared library support fixes. 1165 * ASN.1: treat domainComponent correctly. 1166 * Documentation: fixes and additions. 1167 1168### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] 1169 1170 * Security: Important security related bugfixes. 1171 * Enhanced compatibility with MIT Kerberos. 1172 * Can be built without the ENGINE framework. 1173 * IA32 assembler enhancements. 1174 * Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. 1175 * Configuration: the no-err option now works properly. 1176 * SSL/TLS: now handles manual certificate chain building. 1177 * SSL/TLS: certain session ID malfunctions corrected. 1178 1179### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] 1180 1181 * New library section OCSP. 1182 * Complete rewrite of ASN1 code. 1183 * CRL checking in verify code and openssl utility. 1184 * Extension copying in 'ca' utility. 1185 * Flexible display options in 'ca' utility. 1186 * Provisional support for international characters with UTF8. 1187 * Support for external crypto devices ('engine') is no longer 1188 a separate distribution. 1189 * New elliptic curve library section. 1190 * New AES (Rijndael) library section. 1191 * Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, 1192 Linux x86_64, Linux 64-bit on Sparc v9 1193 * Extended support for some platforms: VxWorks 1194 * Enhanced support for shared libraries. 1195 * Now only builds PIC code when shared library support is requested. 1196 * Support for pkg-config. 1197 * Lots of new manuals. 1198 * Makes symbolic links to or copies of manuals to cover all described 1199 functions. 1200 * Change DES API to clean up the namespace (some applications link also 1201 against libdes providing similar functions having the same name). 1202 Provide macros for backward compatibility (will be removed in the 1203 future). 1204 * Unify handling of cryptographic algorithms (software and engine) 1205 to be available via EVP routines for asymmetric and symmetric ciphers. 1206 * NCONF: new configuration handling routines. 1207 * Change API to use more 'const' modifiers to improve error checking 1208 and help optimizers. 1209 * Finally remove references to RSAref. 1210 * Reworked parts of the BIGNUM code. 1211 * Support for new engines: Broadcom ubsec, Accelerated Encryption 1212 Processing, IBM 4758. 1213 * A few new engines added in the demos area. 1214 * Extended and corrected OID (object identifier) table. 1215 * PRNG: query at more locations for a random device, automatic query for 1216 EGD style random sources at several locations. 1217 * SSL/TLS: allow optional cipher choice according to server's preference. 1218 * SSL/TLS: allow server to explicitly set new session ids. 1219 * SSL/TLS: support Kerberos cipher suites (RFC2712). 1220 Only supports MIT Kerberos for now. 1221 * SSL/TLS: allow more precise control of renegotiations and sessions. 1222 * SSL/TLS: add callback to retrieve SSL/TLS messages. 1223 * SSL/TLS: support AES cipher suites (RFC3268). 1224 1225### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] 1226 1227 * Security: fix various ASN1 parsing bugs. 1228 * SSL/TLS protocol fix for unrequested client certificates. 1229 1230### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] 1231 1232 * Security: counter the Klima-Pokorny-Rosa extension of 1233 Bleichbacher's attack 1234 * Security: make RSA blinding default. 1235 * Build: shared library support fixes. 1236 1237### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] 1238 1239 * Important security related bugfixes. 1240 1241### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] 1242 1243 * New configuration targets for Tandem OSS and A/UX. 1244 * New OIDs for Microsoft attributes. 1245 * Better handling of SSL session caching. 1246 * Better comparison of distinguished names. 1247 * Better handling of shared libraries in a mixed GNU/non-GNU environment. 1248 * Support assembler code with Borland C. 1249 * Fixes for length problems. 1250 * Fixes for uninitialised variables. 1251 * Fixes for memory leaks, some unusual crashes and some race conditions. 1252 * Fixes for smaller building problems. 1253 * Updates of manuals, FAQ and other instructive documents. 1254 1255### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] 1256 1257 * Important building fixes on Unix. 1258 1259### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] 1260 1261 * Various important bugfixes. 1262 1263### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] 1264 1265 * Important security related bugfixes. 1266 * Various SSL/TLS library bugfixes. 1267 1268### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] 1269 1270 * Various SSL/TLS library bugfixes. 1271 * Fix DH parameter generation for 'non-standard' generators. 1272 1273### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] 1274 1275 * Various SSL/TLS library bugfixes. 1276 * BIGNUM library fixes. 1277 * RSA OAEP and random number generation fixes. 1278 * Object identifiers corrected and added. 1279 * Add assembler BN routines for IA64. 1280 * Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, 1281 MIPS Linux; shared library support for Irix, HP-UX. 1282 * Add crypto accelerator support for AEP, Baltimore SureWare, 1283 Broadcom and Cryptographic Appliance's keyserver 1284 [in 0.9.6c-engine release]. 1285 1286### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] 1287 1288 * Security fix: PRNG improvements. 1289 * Security fix: RSA OAEP check. 1290 * Security fix: Reinsert and fix countermeasure to Bleichbacher's 1291 attack. 1292 * MIPS bug fix in BIGNUM. 1293 * Bug fix in "openssl enc". 1294 * Bug fix in X.509 printing routine. 1295 * Bug fix in DSA verification routine and DSA S/MIME verification. 1296 * Bug fix to make PRNG thread-safe. 1297 * Bug fix in RAND_file_name(). 1298 * Bug fix in compatibility mode trust settings. 1299 * Bug fix in blowfish EVP. 1300 * Increase default size for BIO buffering filter. 1301 * Compatibility fixes in some scripts. 1302 1303### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] 1304 1305 * Security fix: change behavior of OpenSSL to avoid using 1306 environment variables when running as root. 1307 * Security fix: check the result of RSA-CRT to reduce the 1308 possibility of deducing the private key from an incorrectly 1309 calculated signature. 1310 * Security fix: prevent Bleichenbacher's DSA attack. 1311 * Security fix: Zero the premaster secret after deriving the 1312 master secret in DH ciphersuites. 1313 * Reimplement SSL_peek(), which had various problems. 1314 * Compatibility fix: the function des_encrypt() renamed to 1315 des_encrypt1() to avoid clashes with some Unixen libc. 1316 * Bug fixes for Win32, HP/UX and Irix. 1317 * Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and 1318 memory checking routines. 1319 * Bug fixes for RSA operations in threaded environments. 1320 * Bug fixes in misc. openssl applications. 1321 * Remove a few potential memory leaks. 1322 * Add tighter checks of BIGNUM routines. 1323 * Shared library support has been reworked for generality. 1324 * More documentation. 1325 * New function BN_rand_range(). 1326 * Add "-rand" option to openssl s_client and s_server. 1327 1328### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] 1329 1330 * Some documentation for BIO and SSL libraries. 1331 * Enhanced chain verification using key identifiers. 1332 * New sign and verify options to 'dgst' application. 1333 * Support for DER and PEM encoded messages in 'smime' application. 1334 * New 'rsautl' application, low-level RSA utility. 1335 * MD4 now included. 1336 * Bugfix for SSL rollback padding check. 1337 * Support for external crypto devices [1]. 1338 * Enhanced EVP interface. 1339 1340 [1] The support for external crypto devices is currently a separate 1341 distribution. See the file README-Engine.md. 1342 1343### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] 1344 1345 * Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 1346 * Shared library support for HPUX and Solaris-gcc 1347 * Support of Linux/IA64 1348 * Assembler support for Mingw32 1349 * New 'rand' application 1350 * New way to check for existence of algorithms from scripts 1351 1352### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] 1353 1354 * S/MIME support in new 'smime' command 1355 * Documentation for the OpenSSL command line application 1356 * Automation of 'req' application 1357 * Fixes to make s_client, s_server work under Windows 1358 * Support for multiple fieldnames in SPKACs 1359 * New SPKAC command line utility and associated library functions 1360 * Options to allow passwords to be obtained from various sources 1361 * New public key PEM format and options to handle it 1362 * Many other fixes and enhancements to command line utilities 1363 * Usable certificate chain verification 1364 * Certificate purpose checking 1365 * Certificate trust settings 1366 * Support of authority information access extension 1367 * Extensions in certificate requests 1368 * Simplified X509 name and attribute routines 1369 * Initial (incomplete) support for international character sets 1370 * New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD 1371 * Read only memory BIOs and simplified creation function 1372 * TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 1373 record; allow fragmentation and interleaving of handshake and other 1374 data 1375 * TLS/SSL code now "tolerates" MS SGC 1376 * Work around for Netscape client certificate hang bug 1377 * RSA_NULL option that removes RSA patent code but keeps other 1378 RSA functionality 1379 * Memory leak detection now allows applications to add extra information 1380 via a per-thread stack 1381 * PRNG robustness improved 1382 * EGD support 1383 * BIGNUM library bug fixes 1384 * Faster DSA parameter generation 1385 * Enhanced support for Alpha Linux 1386 * Experimental macOS support 1387 1388### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] 1389 1390 * Transparent support for PKCS#8 format private keys: these are used 1391 by several software packages and are more secure than the standard 1392 form 1393 * PKCS#5 v2.0 implementation 1394 * Password callbacks have a new void * argument for application data 1395 * Avoid various memory leaks 1396 * New pipe-like BIO that allows using the SSL library when actual I/O 1397 must be handled by the application (BIO pair) 1398 1399### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] 1400 1401 * Lots of enhancements and cleanups to the Configuration mechanism 1402 * RSA OEAP related fixes 1403 * Added "openssl ca -revoke" option for revoking a certificate 1404 * Source cleanups: const correctness, type-safe stacks and ASN.1 SETs 1405 * Source tree cleanups: removed lots of obsolete files 1406 * Thawte SXNet, certificate policies and CRL distribution points 1407 extension support 1408 * Preliminary (experimental) S/MIME support 1409 * Support for ASN.1 UTF8String and VisibleString 1410 * Full integration of PKCS#12 code 1411 * Sparc assembler bignum implementation, optimized hash functions 1412 * Option to disable selected ciphers 1413 1414### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] 1415 1416 * Fixed a security hole related to session resumption 1417 * Fixed RSA encryption routines for the p < q case 1418 * "ALL" in cipher lists now means "everything except NULL ciphers" 1419 * Support for Triple-DES CBCM cipher 1420 * Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA 1421 * First support for new TLSv1 ciphers 1422 * Added a few new BIOs (syslog BIO, reliable BIO) 1423 * Extended support for DSA certificate/keys. 1424 * Extended support for Certificate Signing Requests (CSR) 1425 * Initial support for X.509v3 extensions 1426 * Extended support for compression inside the SSL record layer 1427 * Overhauled Win32 builds 1428 * Cleanups and fixes to the Big Number (BN) library 1429 * Support for ASN.1 GeneralizedTime 1430 * Splitted ASN.1 SETs from SEQUENCEs 1431 * ASN1 and PEM support for Netscape Certificate Sequences 1432 * Overhauled Perl interface 1433 * Lots of source tree cleanups. 1434 * Lots of memory leak fixes. 1435 * Lots of bug fixes. 1436 1437### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] 1438 1439 * Integration of the popular NO_RSA/NO_DSA patches 1440 * Initial support for compression inside the SSL record layer 1441 * Added BIO proxy and filtering functionality 1442 * Extended Big Number (BN) library 1443 * Added RIPE MD160 message digest 1444 * Added support for RC2/64bit cipher 1445 * Extended ASN.1 parser routines 1446 * Adjustments of the source tree for CVS 1447 * Support for various new platforms 1448 1449<!-- Links --> 1450 1451[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 1452[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 1453[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 1454[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 1455[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 1456[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 1457[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 1458[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 1459[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 1460[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 1461[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 1462[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 1463[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 1464[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 1465[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 1466[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 1467[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 1468[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 1469[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 1470[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 1471[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 1472[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 1473[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 1474[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 1475[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 1476[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 1477[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 1478[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 1479[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 1480[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 1481[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 1482[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 1483[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 1484[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 1485[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 1486[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 1487[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 1488[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 1489[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 1490[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 1491[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 1492[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 1493[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 1494[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 1495[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 1496[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 1497[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 1498[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 1499[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 1500[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 1501[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 1502[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 1503[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 1504[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 1505[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 1506[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 1507[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 1508[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 1509[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 1510[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 1511[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 1512[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 1513[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 1514[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 1515[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 1516[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 1517[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 1518[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 1519[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 1520[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 1521[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 1522[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 1523[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 1524[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 1525[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 1526[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 1527[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 1528[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 1529[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 1530[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 1531[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 1532[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 1533[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 1534[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 1535[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 1536[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 1537[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 1538[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 1539[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 1540[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 1541[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 1542[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 1543[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 1544[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 1545[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 1546[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 1547[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 1548[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 1549[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 1550[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 1551[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 1552[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 1553[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 1554[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 1555[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 1556[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 1557[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 1558[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 1559[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 1560[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 1561[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 1562[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 1563[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 1564[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 1565[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 1566[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 1567[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 1568[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 1569[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 1570[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 1571[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 1572[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198 1573[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 1574[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 1575[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 1576[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 1577[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449 1578[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 1579[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 1580[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 1581[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 1582[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 1583[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 1584[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 1585[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 1586[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 1587[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 1588[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 1589[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 1590[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 1591[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 1592[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 1593[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 1594[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298 1595[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 1596[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 1597[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 1598[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939 1599[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 1600[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 1601[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 1602[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 1603[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 1604[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 1605[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 1606[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 1607[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 1608[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 1609[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737 1610[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 1611[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 1612[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 1613