1NEWS 2==== 3 4This file gives a brief overview of the major changes between each OpenSSL 5release. For more details please read the CHANGES file. 6 7OpenSSL Releases 8---------------- 9 10 - [OpenSSL 3.5](#openssl-35) 11 - [OpenSSL 3.4](#openssl-34) 12 - [OpenSSL 3.3](#openssl-33) 13 - [OpenSSL 3.2](#openssl-32) 14 - [OpenSSL 3.1](#openssl-31) 15 - [OpenSSL 3.0](#openssl-30) 16 - [OpenSSL 1.1.1](#openssl-111) 17 - [OpenSSL 1.1.0](#openssl-110) 18 - [OpenSSL 1.0.2](#openssl-102) 19 - [OpenSSL 1.0.1](#openssl-101) 20 - [OpenSSL 1.0.0](#openssl-100) 21 - [OpenSSL 0.9.x](#openssl-09x) 22 23OpenSSL 3.5 24----------- 25 26### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [30 Sep 2025] 27 28OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this 29release is Moderate. 30 31This release incorporates the following bug fixes and mitigations: 32 33 * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. 34 ([CVE-2025-9230]) 35 36 * Fix Timing side-channel in SM2 algorithm on 64 bit ARM. 37 ([CVE-2025-9231]) 38 39 * Fix Out-of-bounds read in HTTP client no_proxy handling. 40 ([CVE-2025-9232]) 41 42 * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release 43 builds, as it broke some exiting applications that relied on the previous 44 3.x semantics, as documented in `OpenSSL_version(3)`. 45 46### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025] 47 48OpenSSL 3.5.3 is a bug fix release. 49 50This release incorporates the following bug fixes and mitigations: 51 52 * Added FIPS 140-3 PCT on DH key generation. 53 54 * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. 55 56 * Removed PCT on key import in the FIPS provider as it is not required by 57 the standard. 58 59### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025] 60 61OpenSSL 3.5.2 is a bug fix release. 
62 63This release incorporates the following bug fixes and mitigations: 64 65 * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. 66 67### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025] 68 69OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this 70release is Low. 71 72This release incorporates the following bug fixes and mitigations: 73 74 * Fix x509 application adds trusted use instead of rejected use. 75 ([CVE-2025-4575]) 76 77### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025] 78 79OpenSSL 3.5.0 is a feature release adding significant new functionality to 80OpenSSL. 81 82This release incorporates the following potentially significant or incompatible 83changes: 84 85 * Default encryption cipher for the `req`, `cms`, and `smime` applications 86 changed from `des-ede3-cbc` to `aes-256-cbc`. 87 88 * The default TLS supported groups list has been changed to include and 89 prefer hybrid PQC KEM groups. Some practically unused groups were removed 90 from the default list. 91 92 * The default TLS keyshares have been changed to offer X25519MLKEM768 and 93 and X25519. 94 95 * All `BIO_meth_get_*()` functions were deprecated. 
96 97This release adds the following new features: 98 99 * Support for server side QUIC (RFC 9000) 100 101 * Support for 3rd party QUIC stacks including 0-RTT support 102 103 * Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) 104 105 * A new configuration option `no-tls-deprecated-ec` to disable support for 106 TLS groups deprecated in RFC8422 107 108 * A new configuration option `enable-fips-jitter` to make the FIPS provider 109 to use the `JITTER` seed source 110 111 * Support for central key generation in CMP 112 113 * Support added for opaque symmetric key objects (EVP_SKEY) 114 115 * Support for multiple TLS keyshares and improved TLS key establishment group 116 configurability 117 118 * API support for pipelining in provided cipher algorithms 119 120Known issues in 3.5.0 121 122 * <https://github.com/openssl/openssl/issues/27282> 123 Calling SSL_accept on objects returned from SSL_accept_connection 124 results in error. It is expected that making this call will advance 125 the SSL handshake for the passed connection, but currently it does not. 126 This can be handled by calling SSL_do_handshake instead. A fix is planned 127 for OpenSSL 3.5.1 128 129OpenSSL 3.4 130----------- 131 132### Major changes between OpenSSL 3.4.0 and OpenSSL 3.4.1 [11 Feb 2025] 133 134OpenSSL 3.4.1 is a security patch release. The most severe CVE fixed in this 135release is High. 136 137This release incorporates the following bug fixes and mitigations: 138 139 * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. 140 ([CVE-2024-12797]) 141 142 * Fixed timing side-channel in ECDSA signature computation. 143 ([CVE-2024-13176]) 144 145### Major changes between OpenSSL 3.3 and OpenSSL 3.4.0 [22 Oct 2024] 146 147OpenSSL 3.4.0 is a feature release adding significant new functionality to 148OpenSSL. 
149 150This release incorporates the following potentially significant or incompatible 151changes: 152 153 * Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement 154 TS_VERIFY_CTX_set0_* functions with improved semantics 155 156 * Redesigned use of OPENSSLDIR/ENGINESDIR/MODULESDIR on Windows such that 157 what were formerly build time locations can now be defined at run time 158 with registry keys 159 160 * The X25519 and X448 key exchange implementation in the FIPS provider 161 is unapproved and has `fips=no` property. 162 163 * SHAKE-128 and SHAKE-256 implementations have no default digest length 164 anymore. That means these algorithms cannot be used with 165 EVP_DigestFinal/_ex() unless the `xoflen` param is set before. 166 167 * Setting `config_diagnostics=1` in the config file will cause errors to 168 be returned from SSL_CTX_new() and SSL_CTX_new_ex() if there is an error 169 in the ssl module configuration. 170 171 * An empty renegotiate extension will be used in TLS client hellos instead 172 of the empty renegotiation SCSV, for all connections with a minimum TLS 173 version > 1.0. 
174 175 * Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and 176 SSL_CTX_flush_sessions() functions in favor of their respective `_ex` 177 functions which are Y2038-safe on platforms with Y2038-safe `time_t` 178 179This release adds the following new features: 180 181 * Support for directly fetched composite signature algorithms such as 182 RSA-SHA2-256 including new API functions 183 184 * FIPS indicators support in the FIPS provider and various updates of the FIPS 185 provider required for future FIPS 140-3 validations 186 187 * Implementation of RFC 9579 (PBMAC1) in PKCS#12 188 189 * An optional additional random seed source RNG `JITTER` using a statically 190 linked jitterentropy library 191 192 * New options `-not_before` and `-not_after` for explicit setting start and 193 end dates of certificates created with the `req` and `x509` apps 194 195 * Support for integrity-only cipher suites TLS_SHA256_SHA256 and 196 TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150 197 198 * Support for retrieving certificate request templates and CRLs in CMP 199 200 * Support for additional X.509v3 extensions related to Attribute Certificates 201 202 * Initial Attribute Certificate (RFC 5755) support 203 204 * Possibility to customize ECC groups initialization to use precomputed values 205 to save CPU time and use of this feature by the P-256 implementation 206 207OpenSSL 3.3 208----------- 209 210### Major changes between OpenSSL 3.3.2 and OpenSSL 3.3.3 [under development] 211 212OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this 213release is Low. 214 215This release incorporates the following bug fixes and mitigations: 216 217 * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic 218 curve parameters. 219 ([CVE-2024-9143]) 220 221### Major changes between OpenSSL 3.3.1 and OpenSSL 3.3.2 [3 Sep 2024] 222 223OpenSSL 3.3.2 is a security patch release. The most severe CVE fixed in this 224release is Moderate. 
225 226This release incorporates the following bug fixes and mitigations: 227 228 * Fixed possible denial of service in X.509 name checks 229 ([CVE-2024-6119]) 230 231 * Fixed possible buffer overread in SSL_select_next_proto() 232 ([CVE-2024-5535]) 233 234### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [4 Jun 2024] 235 236OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this 237release is Low. 238 239This release incorporates the following bug fixes and mitigations: 240 241 * Fixed potential use after free after SSL_free_buffers() is called 242 ([CVE-2024-4741]) 243 244 * Fixed an issue where checking excessively long DSA keys or parameters may 245 be very slow 246 ([CVE-2024-4603]) 247 248### Major changes between OpenSSL 3.2 and OpenSSL 3.3.0 [9 Apr 2024] 249 250OpenSSL 3.3.0 is a feature release adding significant new functionality to 251OpenSSL. 252 253This release adds the following new features: 254 255 * Support for qlog for tracing QUIC connections has been added 256 257 * Added APIs to allow configuring the negotiated idle timeout for QUIC 258 connections, and to allow determining the number of additional streams 259 that can currently be created for a QUIC connection. 260 261 * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL 262 objects 263 264 * Added APIs to allow querying the size and utilisation of a QUIC stream's 265 write buffer 266 267 * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN) 268 condition in an optimised way when using QUIC. 269 270 * Limited support for polling of QUIC connection and stream objects in a 271 non-blocking manner. 272 273 * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple 274 times with different output sizes. 275 276 * Added exporter for CMake on Unix and Windows, alongside the pkg-config 277 exporter. 278 279 * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable 280 output length. 
281 282 * The EVP_PKEY_fromdata function has been augmented to allow for the 283 derivation of CRT (Chinese Remainder Theorem) parameters when requested 284 285 * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex() 286 using time_t which is Y2038 safe on 32 bit systems when 64 bit time 287 is enabled 288 289 * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms 290 config options and the respective calls to SSL[_CTX]_set1_sigalgs() and 291 SSL[_CTX]_set1_client_sigalgs() that start with `?` character are 292 ignored and the configuration will still be used. 293 294 * Added `-set_issuer` and `-set_subject` options to `openssl x509` to 295 override the Issuer and Subject when creating a certificate. The `-subj` 296 option now is an alias for `-set_subject`. 297 298 * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483 299 300 * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3 301 server to prefer session resumption using PSK-only key exchange over PSK 302 with DHE, if both are available. 303 304 * New atexit configuration switch, which controls whether the OPENSSL_cleanup 305 is registered when libcrypto is unloaded. 306 307 * Added X509_STORE_get1_objects to avoid issues with the existing 308 X509_STORE_get0_objects API in multi-threaded applications. 309 310 * Support for using certificate profiles and extened delayed delivery in CMP 311 312This release incorporates the following potentially significant or incompatible 313changes: 314 315 * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 316 317 * Optimized AES-CTR for ARM Neoverse V1 and V2 318 319 * Enable AES and SHA3 optimisations on Apple Silicon M3-based MacOS systems 320 similar to M1/M2. 
321 322 * Various optimizations for cryptographic routines using RISC-V vector crypto 323 extensions 324 325 * Added assembly implementation for md5 on loongarch64 326 327 * Accept longer context for TLS 1.2 exporters 328 329 * The activate and soft_load configuration settings for providers in 330 openssl.cnf have been updated to require a value of [1|yes|true|on] 331 (in lower or UPPER case) to enable the setting. Conversely a value 332 of [0|no|false|off] will disable the setting. 333 334 * In `openssl speed`, changed the default hash function used with `hmac` from 335 `md5` to `sha256`. 336 337 * The `-verify` option to the `openssl crl` and `openssl req` will make the 338 program exit with 1 on failure. 339 340 * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and 341 related functions have been augmented to check for a minimum length of 342 the input string, in accordance with ITU-T X.690 section 11.7 and 11.8. 343 344 * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1 345 if called with a NULL stack argument. 346 347 * New limit on HTTP response headers is introduced to HTTP client. The 348 default limit is set to 256 header lines. 349 350This release incorporates the following bug fixes and mitigations: 351 352 * The BIO_get_new_index() function can only be called 127 times before it 353 reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its 354 exhausted. 355 356A more detailed list of changes in this release can be found in the 357[CHANGES.md] file. 358 359Users interested in using the new QUIC functionality are encouraged to read the 360[README file for QUIC][README-QUIC.md], which provides links to relevant 361documentation and example code. 362 363As always, bug reports and issues relating to OpenSSL can be [filed on our issue 364tracker][issue tracker]. 
365 366OpenSSL 3.2 367----------- 368 369### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development] 370 371OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this 372release is Low. 373 374This release incorporates the following bug fixes and mitigations: 375 376 * Fixed unbounded memory growth with session handling in TLSv1.3 377 ([CVE-2024-2511]) 378 379### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024] 380 381OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this 382release is Low. 383 384This release incorporates the following bug fixes and mitigations: 385 386 * Fixed PKCS12 Decoding crashes 387 ([CVE-2024-0727]) 388 389 * Fixed excessive time spent checking invalid RSA public keys 390 ([CVE-2023-6237]) 391 392 * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC 393 CPUs which support PowerISA 2.07 394 ([CVE-2023-6129]) 395 396### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023] 397 398OpenSSL 3.2.0 is a feature release adding significant new functionality to 399OpenSSL. 400 401This release incorporates the following potentially significant or incompatible 402changes: 403 404 * The default SSL/TLS security level has been changed from 1 to 2. 405 406 * The `x509`, `ca`, and `req` apps now always produce X.509v3 certificates. 407 408 * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings 409 by default. Also spaces surrounding `=` in DN output are removed. 
410 411This release adds the following new features: 412 413 * Support for client side QUIC, including support for 414 multiple streams (RFC 9000) 415 416 * Support for Ed25519ctx, Ed25519ph and Ed448ph in addition 417 to existing support for Ed25519 and Ed448 (RFC 8032) 418 419 * Support for deterministic ECDSA signatures (RFC 6979) 420 421 * Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452) 422 423 * Support for the Argon2 KDF, along with supporting thread pool 424 functionality (RFC 9106) 425 426 * Support for Hybrid Public Key Encryption (HPKE) (RFC 9180) 427 428 * Support for SM4-XTS 429 430 * Support for Brainpool curves in TLS 1.3 431 432 * Support for TLS Raw Public Keys (RFC 7250) 433 434 * Support for TCP Fast Open on Linux, macOS and FreeBSD, 435 where enabled and supported (RFC 7413) 436 437 * Support for TLS certificate compression, including library 438 support for zlib, Brotli and zstd (RFC 8879) 439 440 * Support for provider-based pluggable signature algorithms 441 in TLS 1.3 with supporting CMS and X.509 functionality 442 443 With a suitable provider this enables the use of post-quantum/quantum-safe 444 cryptography. 445 446 * Support for using the Windows system certificate store as a source of 447 trusted root certificates 448 449 This is not yet enabled by default and must be activated using an 450 environment variable. This is likely to become enabled by default 451 in a future feature release. 
452 453 * Support for using the IANA standard names in TLS ciphersuite configuration 454 455 * Multiple new features and improvements to CMP protocol support 456 457The following known issues are present in this release and will be rectified 458in a future release: 459 460 * Provider-based signature algorithms cannot be configured using the 461 SignatureAlgorithms configuration file parameter (#22761) 462 463This release incorporates the following documentation enhancements: 464 465 * Added multiple tutorials on the OpenSSL library and in particular 466 on writing various clients (using TLS and QUIC protocols) with libssl 467 468 See [OpenSSL Guide]. 469 470This release incorporates the following bug fixes and mitigations: 471 472 * Fixed excessive time spent in DH check / generation with large Q parameter 473 value 474 ([CVE-2023-5678]) 475 476A more detailed list of changes in this release can be found in the 477[CHANGES.md] file. 478 479Users interested in using the new QUIC functionality are encouraged to read the 480[README file for QUIC][README-QUIC.md], which provides links to relevant 481documentation and example code. 482 483As always, bug reports and issues relating to OpenSSL can be [filed on our issue 484tracker][issue tracker]. 485 486OpenSSL 3.1 487----------- 488 489### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023] 490 491 * Mitigate incorrect resize handling for symmetric cipher keys and IVs. 
492 ([CVE-2023-5363]) 493 494### Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023] 495 496 * Fix POLY1305 MAC implementation corrupting XMM registers on Windows 497 ([CVE-2023-4807]) 498 499### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023] 500 501 * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817]) 502 * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446]) 503 * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975]) 504 * When building with the `enable-fips` option and using the resulting 505 FIPS provider, TLS 1.2 will, by default, mandate the use of an 506 extended master secret and the Hash and HMAC DRBGs will not operate 507 with truncated digests. 508 509### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023] 510 511 * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT 512 IDENTIFIER sub-identities. ([CVE-2023-2650]) 513 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms 514 ([CVE-2023-1255]) 515 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466]) 516 * Fixed handling of invalid certificate policies in leaf certificates 517 ([CVE-2023-0465]) 518 * Limited the number of nodes created in a policy tree ([CVE-2023-0464]) 519 520### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023] 521 522 * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. 523 * Performance enhancements and new platform support including new 524 assembler code algorithm implementations. 525 * Deprecated LHASH statistics functions. 526 * FIPS 140-3 compliance changes. 
527 528OpenSSL 3.0 529----------- 530 531### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] 532 533 * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) 534 * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286]) 535 * Fixed NULL dereference validating DSA public key ([CVE-2023-0217]) 536 * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216]) 537 * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215]) 538 * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450]) 539 * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304]) 540 * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203]) 541 * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996]) 542 543### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022] 544 545 * Added RIPEMD160 to the default provider. 546 * Fixed regressions introduced in 3.0.6 version. 547 * Fixed two buffer overflows in punycode decoding functions. 
548 ([CVE-2022-3786]) and ([CVE-2022-3602]) 549 550### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022] 551 552 * Fix for custom ciphers to prevent accidental use of NULL encryption 553 ([CVE-2022-3358]) 554 555### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022] 556 557 * Fixed heap memory corruption with RSA private key operation 558 ([CVE-2022-2274]) 559 * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms 560 ([CVE-2022-2097]) 561 562### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] 563 564 * Fixed additional bugs in the c_rehash script which was not properly 565 sanitising shell metacharacters to prevent command injection 566 ([CVE-2022-2068]) 567 568### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022] 569 570 * Fixed a bug in the c_rehash script which was not properly sanitising shell 571 metacharacters to prevent command injection ([CVE-2022-1292]) 572 * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer 573 certificate on an OCSP response ([CVE-2022-1343]) 574 * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the 575 AAD data as the MAC key ([CVE-2022-1434]) 576 * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory 577 occupied by the removed hash table entries ([CVE-2022-1473]) 578 579### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] 580 581 * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever 582 for non-prime moduli ([CVE-2022-0778]) 583 584### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021] 585 586 * Fixed invalid handling of X509_verify_cert() internal errors in libssl 587 ([CVE-2021-4044]) 588 * Allow fetching an operation from the provider that owns an unexportable key 589 as a fallback if that is still allowed by the property query. 
590 591### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021] 592 593 * Enhanced 'openssl list' with many new options. 594 * Added migration guide to man7. 595 * Implemented support for fully "pluggable" TLSv1.3 groups. 596 * Added support for Kernel TLS (KTLS). 597 * Changed the license to the Apache License v2.0. 598 * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, 599 RC4, RC5, and DES to the legacy provider. 600 * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy 601 provider. 602 * Added convenience functions for generating asymmetric key pairs. 603 * Deprecated the `OCSP_REQ_CTX` type and functions. 604 * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. 605 * Deprecated the `RSA` and `RSA_METHOD` types and functions. 606 * Deprecated the `DSA` and `DSA_METHOD` types and functions. 607 * Deprecated the `DH` and `DH_METHOD` types and functions. 608 * Deprecated the `ERR_load_` functions. 609 * Remove the `RAND_DRBG` API. 610 * Deprecated the `ENGINE` API. 611 * Added `OSSL_LIB_CTX`, a libcrypto library context. 612 * Added various `_ex` functions to the OpenSSL API that support using 613 a non-default `OSSL_LIB_CTX`. 614 * Interactive mode is removed from the 'openssl' program. 615 * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are 616 included in the FIPS provider. 617 * X509 certificates signed using SHA1 are no longer allowed at security 618 level 1 or higher. The default security level for TLS is 1, so 619 certificates signed using SHA1 are by default no longer trusted to 620 authenticate servers or clients. 621 * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly 622 disabled; the project uses address sanitize/leak-detect instead. 623 * Added a Certificate Management Protocol (CMP, RFC 4210) implementation 624 also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). 
625 It is part of the crypto lib and adds a 'cmp' app with a demo configuration. 626 All widely used CMP features are supported for both clients and servers. 627 * Added a proper HTTP client supporting GET with optional redirection, POST, 628 arbitrary request and response content types, TLS, persistent connections, 629 connections via HTTP(s) proxies, connections and exchange via user-defined 630 BIOs (allowing implicit connections), and timeout checks. 631 * Added util/check-format.pl for checking adherence to the coding guidelines. 632 * Added OSSL_ENCODER, a generic encoder API. 633 * Added OSSL_DECODER, a generic decoder API. 634 * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. 635 * Added error raising macros, ERR_raise() and ERR_raise_data(). 636 * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), 637 ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and 638 ERR_func_error_string(). 639 * Added OSSL_PROVIDER_available(), to check provider availability. 640 * Added 'openssl mac' that uses the EVP_MAC API. 641 * Added 'openssl kdf' that uses the EVP_KDF API. 642 * Add OPENSSL_info() and 'openssl info' to get built-in data. 643 * Add support for enabling instrumentation through trace and debug 644 output. 645 * Changed our version number scheme and set the next major release to 646 3.0.0 647 * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC 648 bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305 649 and SIPHASH. 650 * Removed the heartbeat message in DTLS feature. 651 * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to 652 EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2, 653 PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF. 654 * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, 655 SHA256, SHA384, SHA512 and Whirlpool digest functions have been 656 deprecated. 
657 * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, 658 RC4, RC5 and SEED cipher functions have been deprecated. 659 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions 660 have been deprecated. 661 * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, 662 except when RSA key exchange without SHA1 is used. 663 * Added providers, a new pluggability concept that will replace the 664 ENGINE API and ENGINE implementations. 665 666OpenSSL 1.1.1 667------------- 668 669### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] 670 671 * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) 672 * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) 673 674### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] 675 676 * Fixed a problem with verifying a certificate chain when using the 677 X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) 678 * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously 679 crafted renegotiation ClientHello message from a client ([CVE-2021-3449]) 680 681### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] 682 683 * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() 684 function ([CVE-2021-23841]) 685 * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING 686 padding mode to correctly check for rollback attacks 687 * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and 688 EVP_DecryptUpdate functions ([CVE-2021-23840]) 689 * Fixed SRP_Calc_client_key so that it runs in constant time 690 691### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] 692 693 * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971]) 694 695### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] 696 697 * Disallow explicit curve parameters in verifications chains when 698 X509_V_FLAG_X509_STRICT is used 699 * Enable 
'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS 700 contexts 701 * Oracle Developer Studio will start reporting deprecation warnings 702 703### Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] 704 705 * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967]) 706 707### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] 708 709 * Revert the unexpected EOF reporting via SSL_ERROR_SSL 710 711### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] 712 713 * Fixed an overflow bug in the x64_64 Montgomery squaring procedure 714 used in exponentiation with 512-bit moduli ([CVE-2019-1551]) 715 716### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] 717 718 * Fixed a fork protection issue ([CVE-2019-1549]) 719 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 720 ([CVE-2019-1563]) 721 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 722 used even when parsing explicit parameters 723 * Compute ECC cofactors if not provided during EC_GROUP construction 724 ([CVE-2019-1547]) 725 * Early start up entropy quality from the DEVRANDOM seed source has been 726 improved for older Linux systems 727 * Correct the extended master secret constant on EBCDIC systems 728 * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) 729 * Changed DH_check to accept parameters with order q and 2q subgroups 730 * Significantly reduce secure memory usage by the randomness pools 731 * Revert the DEVRANDOM_WAIT feature for Linux systems 732 733### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] 734 735 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) 736 737### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] 738 739 * Change the info callback signals for the start and end of a post-handshake 740 message exchange in TLSv1.3. 741 * Fix a bug in DTLS over SCTP. 
This breaks interoperability with older 742 versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. 743 744### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] 745 746 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 747 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) 748 749### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] 750 751 * Support for TLSv1.3 added. The TLSv1.3 implementation includes: 752 * Fully compliant implementation of RFC8446 (TLSv1.3) on by default 753 * Early data (0-RTT) 754 * Post-handshake authentication and key update 755 * Middlebox Compatibility Mode 756 * TLSv1.3 PSKs 757 * Support for all five RFC8446 ciphersuites 758 * RSA-PSS signature algorithms (backported to TLSv1.2) 759 * Configurable session ticket support 760 * Stateless server support 761 * Rewrite of the packet construction code for "safer" packet handling 762 * Rewrite of the extension handling code 763 For further important information, see the [TLS1.3 page]( 764 https://github.com/openssl/openssl/wiki/TLS1.3) in the OpenSSL Wiki. 765 766 * Complete rewrite of the OpenSSL random number generator to introduce the 767 following capabilities 768 * The default RAND method now utilizes an AES-CTR DRBG according to 769 NIST standard SP 800-90Ar1. 770 * Support for multiple DRBG instances with seed chaining. 771 * There is a public and private DRBG instance. 772 * The DRBG instances are fork-safe. 773 * Keep all global DRBG instances on the secure heap if it is enabled. 
    * The public and private DRBG instance are per thread for lock free
      operation
  * Support for various new cryptographic algorithms including:
    * SHA3
    * SHA512/224 and SHA512/256
    * EdDSA (both Ed25519 and Ed448) including X509 and TLS support
    * X448 (adding to the existing X25519 support in 1.1.0)
    * Multi-prime RSA
    * SM2
    * SM3
    * SM4
    * SipHash
    * ARIA (including TLS support)
  * Significant Side-Channel attack security improvements
  * Add a new ClientHello callback to provide the ability to adjust the SSL
    object at an early stage.
  * Add 'Maximum Fragment Length' TLS extension negotiation and support
  * A new STORE module, which implements a uniform and URI based reader of
    stores that can contain keys, certificates, CRLs and numerous other
    objects.
  * Move the display of configuration data to configdata.pm.
  * Allow GNU style "make variables" to be used with Configure.
  * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
  * Rewrite of devcrypto engine

OpenSSL 1.1.0
-------------

### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019]

  * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
    ([CVE-2019-1563])
  * For built-in EC curves, ensure an EC_GROUP built from the curve name is
    used even when parsing explicit parameters
  * Compute ECC cofactors if not provided during EC_GROUP construction
    ([CVE-2019-1547])
  * Use Windows installation paths in the mingw builds ([CVE-2019-1552])

### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019]

  * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])

### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018]

  * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
  * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])

### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]

  * Client DoS due to large DH parameter ([CVE-2018-0732])
  * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])

### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]

  * Constructed ASN.1 types with a recursive definition could exceed the
    stack ([CVE-2018-0739])
  * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733])
  * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])

### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]

  * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
  * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])

### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]

  * config now recognises 64-bit mingw and chooses mingw64 instead of mingw

### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]

  * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733])

### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]

  * Truncated packet could crash via OOB read ([CVE-2017-3731])
  * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730])
  * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])

### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]

  * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054])
  * CMS Null dereference ([CVE-2016-7053])
  * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])

### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]

  * Fix Use After Free for large message sizes ([CVE-2016-6309])

### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]

  * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
  * SSL_peek() hang on empty record ([CVE-2016-6305])
  * Excessive allocation of memory in tls_get_message_header()
    ([CVE-2016-6307])
  * Excessive allocation of memory in dtls1_preprocess_fragment()
    ([CVE-2016-6308])

### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]

  * Copyright text was shrunk to a boilerplate that points to the license
  * "shared" builds are now the default when possible
  * Added support for "pipelining"
  * Added the AFALG engine
  * New threading API implemented
  * Support for ChaCha20 and Poly1305 added to libcrypto and libssl
  * Support for extended master secret
  * CCM ciphersuites
  * Reworked test suite, now based on perl, Test::Harness and Test::More
  * *Most* libcrypto and libssl public structures were made opaque,
    including:
    BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
    DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
    BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
    EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
    X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
    X509_LOOKUP, X509_LOOKUP_METHOD
  * libssl internal structures made opaque
  * SSLv2 support removed
  * Kerberos ciphersuite support removed
  * RC4 removed from DEFAULT ciphersuites in libssl
  * 40 and 56 bit cipher support removed from libssl
  * All public header files moved to include/openssl, no more symlinking
  * SSL/TLS state machine, version negotiation and record layer rewritten
  * EC revision: now operations use new EC_KEY_METHOD.
  * Support for OCB mode added to libcrypto
  * Support for asynchronous crypto operations added to libcrypto and libssl
  * Deprecated interfaces can now be disabled at build time either
    relative to the latest release via the "no-deprecated" Configure
    argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
  * Application software can be compiled with -DOPENSSL_API_COMPAT=version
    to ensure that features deprecated in that version are not exposed.
  * Support for RFC6698/RFC7671 DANE TLSA peer authentication
  * Change of Configure to use --prefix as the main installation
    directory location rather than --openssldir. The latter becomes
    the directory for certs, private key and openssl.cnf exclusively.
  * Reworked BIO networking library, with full support for IPv6.
  * New "unified" build system
  * New security levels
  * Support for scrypt algorithm
  * Support for X25519
  * Extended SSL_CONF support using configuration files
  * KDF algorithm support. Implement TLS PRF as a KDF.
  * Support for Certificate Transparency
  * HKDF support.

OpenSSL 1.0.2
-------------

### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]

  * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
    ([CVE-2019-1563])
  * For built-in EC curves, ensure an EC_GROUP built from the curve name is
    used even when parsing explicit parameters
  * Compute ECC cofactors if not provided during EC_GROUP construction
    ([CVE-2019-1547])
  * Document issue with installation paths in diverse Windows builds
    ([CVE-2019-1552])

### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019]

  * None

### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]

  * 0-byte record padding oracle ([CVE-2019-1559])

### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]

  * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407])
  * Timing vulnerability in DSA signature generation ([CVE-2018-0734])

### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]

  * Client DoS due to large DH parameter ([CVE-2018-0732])
  * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])

### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]

  * Constructed ASN.1 types with a recursive definition could exceed the
    stack ([CVE-2018-0739])

### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]

  * Read/write after SSL object in error state ([CVE-2017-3737])
  * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])

### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]

  * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
  * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])

### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]

  * config now recognises 64-bit mingw and chooses mingw64 instead of mingw

### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]

  * Truncated packet could crash via OOB read ([CVE-2017-3731])
  * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
  * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])

### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]

  * Missing CRL sanity check ([CVE-2016-7052])

### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]

  * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
  * SWEET32 Mitigation ([CVE-2016-2183])
  * OOB write in MDC2_Update() ([CVE-2016-6303])
  * Malformed SHA512 ticket DoS ([CVE-2016-6302])
  * OOB write in BN_bn2dec() ([CVE-2016-2182])
  * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
  * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
  * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
  * DTLS buffered message DoS ([CVE-2016-2179])
  * DTLS replay protection DoS ([CVE-2016-2181])
  * Certificate message OOB reads ([CVE-2016-6306])

### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]

  * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
  * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
  * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
  * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
  * EBCDIC overread ([CVE-2016-2176])
  * Modify behavior of ALPN to invoke callback after SNI/servername
    callback, such that updates to the SSL_CTX affect ALPN.
  * Remove LOW from the DEFAULT cipher list. This removes single DES from
    the default.
  * Only remove the SSLv2 methods with the no-ssl2-method option.

### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]

  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
  * Disable SSLv2 default build, default negotiation and weak ciphers
    ([CVE-2016-0800])
  * Fix a double-free in DSA code ([CVE-2016-0705])
  * Disable SRP fake user seed to address a server memory leak
    ([CVE-2016-0798])
  * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
    ([CVE-2016-0797])
  * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
  * Fix side channel attack on modular exponentiation ([CVE-2016-0702])

### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]

  * DH small subgroups ([CVE-2016-0701])
  * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])

### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]

  * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193])
  * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
  * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
  * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
  * In DSA_generate_parameters_ex, if the provided seed is too short,
    return an error

### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]

  * Alternate chains certificate forgery ([CVE-2015-1793])
  * Race condition handling PSK identity hint ([CVE-2015-3196])

### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]

  * Fix HMAC ABI incompatibility

### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]

  * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
  * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
  * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
  * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
  * Race condition handling NewSessionTicket ([CVE-2015-1791])

### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]

  * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291])
  * Multiblock corrupted pointer fix ([CVE-2015-0290])
  * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207])
  * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
  * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208])
  * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
  * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
  * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
  * Empty CKE with client auth and DHE fix ([CVE-2015-1787])
  * Handshake with unseeded PRNG fix ([CVE-2015-0285])
  * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
  * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
  * Removed the export ciphers from the DEFAULT ciphers

### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]

  * Suite B support for TLS 1.2 and DTLS 1.2
  * Support for DTLS 1.2
  * TLS automatic EC curve selection.
  * API to set TLS supported signature algorithms and curves
  * SSL_CONF configuration API.
  * TLS Brainpool support.
  * ALPN support.
  * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

OpenSSL 1.0.1
-------------

### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016]

  * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
  * SWEET32 Mitigation ([CVE-2016-2183])
  * OOB write in MDC2_Update() ([CVE-2016-6303])
  * Malformed SHA512 ticket DoS ([CVE-2016-6302])
  * OOB write in BN_bn2dec() ([CVE-2016-2182])
  * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
  * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
  * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
  * DTLS buffered message DoS ([CVE-2016-2179])
  * DTLS replay protection DoS ([CVE-2016-2181])
  * Certificate message OOB reads ([CVE-2016-6306])

### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]

  * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
  * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
  * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
  * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
  * EBCDIC overread ([CVE-2016-2176])
  * Modify behavior of ALPN to invoke callback after SNI/servername
    callback, such that updates to the SSL_CTX affect ALPN.
  * Remove LOW from the DEFAULT cipher list. This removes single DES from
    the default.
  * Only remove the SSLv2 methods with the no-ssl2-method option.

### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]

  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
  * Disable SSLv2 default build, default negotiation and weak ciphers
    ([CVE-2016-0800])
  * Fix a double-free in DSA code ([CVE-2016-0705])
  * Disable SRP fake user seed to address a server memory leak
    ([CVE-2016-0798])
  * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
    ([CVE-2016-0797])
  * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
  * Fix side channel attack on modular exponentiation ([CVE-2016-0702])

### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]

  * Protection for DH small subgroup attacks
  * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])

### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]

  * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
  * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
  * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
  * In DSA_generate_parameters_ex, if the provided seed is too short,
    return an error

### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]

  * Alternate chains certificate forgery ([CVE-2015-1793])
  * Race condition handling PSK identity hint ([CVE-2015-3196])

### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]

  * Fix HMAC ABI incompatibility

### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]

  * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
  * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
  * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
  * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
  * Race condition handling NewSessionTicket ([CVE-2015-1791])

### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]

  * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
  * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
  * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
  * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
  * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
  * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
  * Removed the export ciphers from the DEFAULT ciphers

### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]

  * Build fixes for the Windows and OpenVMS platforms

### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]

  * Fix for [CVE-2014-3571]
  * Fix for [CVE-2015-0206]
  * Fix for [CVE-2014-3569]
  * Fix for [CVE-2014-3572]
  * Fix for [CVE-2015-0204]
  * Fix for [CVE-2015-0205]
  * Fix for [CVE-2014-8275]
  * Fix for [CVE-2014-3570]

### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]

  * Fix for [CVE-2014-3513]
  * Fix for [CVE-2014-3567]
  * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
  * Fix for [CVE-2014-3568]

### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]

  * Fix for [CVE-2014-3512]
  * Fix for [CVE-2014-3511]
  * Fix for [CVE-2014-3510]
  * Fix for [CVE-2014-3507]
  * Fix for [CVE-2014-3506]
  * Fix for [CVE-2014-3505]
  * Fix for [CVE-2014-3509]
  * Fix for [CVE-2014-5139]
  * Fix for [CVE-2014-3508]

### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]

  * Fix for [CVE-2014-0224]
  * Fix for [CVE-2014-0221]
  * Fix for [CVE-2014-0198]
  * Fix for [CVE-2014-0195]
  * Fix for [CVE-2014-3470]
  * Fix for [CVE-2010-5298]

### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]

  * Fix for [CVE-2014-0160]
  * Add TLS padding extension workaround for broken servers.
  * Fix for [CVE-2014-0076]

### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]

  * Don't include gmt_unix_time in TLS server and client random values
  * Fix for TLS record tampering bug ([CVE-2013-4353])
  * Fix for TLS version checking bug ([CVE-2013-6449])
  * Fix for DTLS retransmission bug ([CVE-2013-6450])

### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]

  * Corrected fix for ([CVE-2013-0169])

### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]

  * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
  * Include the fips configuration module.
  * Fix OCSP bad key DoS attack ([CVE-2013-0166])
  * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
  * Fix for TLS AESNI record handling flaw ([CVE-2012-2686])

### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]

  * Fix TLS/DTLS record length checking bug ([CVE-2012-2333])
  * Don't attempt to use non-FIPS composite ciphers in FIPS mode.

### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]

  * Fix compilation error on non-x86 platforms.
  * Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
  * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0

### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]

  * Fix for ASN1 overflow bug ([CVE-2012-2110])
  * Workarounds for some servers that hang on long client hellos.
  * Fix SEGV in AES code.

### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]

  * TLS/DTLS heartbeat support.
  * SCTP support.
  * RFC 5705 TLS key material exporter.
  * RFC 5764 DTLS-SRTP negotiation.
  * Next Protocol Negotiation.
  * PSS signatures in certificates, requests and CRLs.
  * Support for password based recipient info for CMS.
  * Support TLS v1.2 and TLS v1.1.
  * Preliminary FIPS capability for unvalidated 2.0 FIPS module.
  * SRP support.

OpenSSL 1.0.0
-------------

### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015]

  * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
  * Race condition handling PSK identity hint ([CVE-2015-3196])

### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015]

  * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
  * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
  * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
  * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
  * Race condition handling NewSessionTicket ([CVE-2015-1791])

### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015]

  * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
  * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
  * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
  * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
  * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
  * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
  * Removed the export ciphers from the DEFAULT ciphers

### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015]

  * Build fixes for the Windows and OpenVMS platforms

### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015]

  * Fix for [CVE-2014-3571]
  * Fix for [CVE-2015-0206]
  * Fix for [CVE-2014-3569]
  * Fix for [CVE-2014-3572]
  * Fix for [CVE-2015-0204]
  * Fix for [CVE-2015-0205]
  * Fix for [CVE-2014-8275]
  * Fix for [CVE-2014-3570]

### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014]

  * Fix for [CVE-2014-3513]
  * Fix for [CVE-2014-3567]
  * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
  * Fix for [CVE-2014-3568]

### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014]

  * Fix for [CVE-2014-3510]
  * Fix for [CVE-2014-3507]
  * Fix for [CVE-2014-3506]
  * Fix for [CVE-2014-3505]
  * Fix for [CVE-2014-3509]
  * Fix for [CVE-2014-3508]

  Known issues in OpenSSL 1.0.0m:

  * EAP-FAST and other applications using tls_session_secret_cb
    won't resume sessions. Fixed in 1.0.0n-dev
  * Compilation failure of s3_pkt.c on some platforms due to missing
    `<limits.h>` include. Fixed in 1.0.0n-dev

### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014]

  * Fix for [CVE-2014-0224]
  * Fix for [CVE-2014-0221]
  * Fix for [CVE-2014-0198]
  * Fix for [CVE-2014-0195]
  * Fix for [CVE-2014-3470]
  * Fix for [CVE-2014-0076]
  * Fix for [CVE-2010-5298]

### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]

  * Fix for DTLS retransmission bug ([CVE-2013-6450])

### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]

  * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
  * Fix OCSP bad key DoS attack ([CVE-2013-0166])

### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]

  * Fix DTLS record length checking bug ([CVE-2012-2333])

### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]

  * Fix for ASN1 overflow bug ([CVE-2012-2110])

### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]

  * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884])
  * Corrected fix for ([CVE-2011-4619])
  * Various DTLS fixes.

### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]

  * Fix for DTLS DoS issue ([CVE-2012-0050])

### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]

  * Fix for DTLS plaintext recovery attack ([CVE-2011-4108])
  * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576])
  * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619])
  * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027])
  * Check for malformed RFC3779 data ([CVE-2011-4577])

### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]

  * Fix for CRL vulnerability issue ([CVE-2011-3207])
  * Fix for ECDH crashes ([CVE-2011-3210])
  * Protection against EC timing attacks.
  * Support ECDH ciphersuites for certificates using SHA2 algorithms.
  * Various DTLS fixes.

### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]

  * Fix for security issue ([CVE-2011-0014])

### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]

  * Fix for security issue ([CVE-2010-4180])
  * Fix for ([CVE-2010-4252])
  * Fix mishandling of absent EC point format extension.
  * Fix various platform compilation issues.
  * Corrected fix for security issue ([CVE-2010-3864]).

### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]

  * Fix for security issue ([CVE-2010-3864]).
  * Fix for ([CVE-2010-2939])
  * Fix WIN32 build system for GOST ENGINE.

### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]

  * Fix for security issue ([CVE-2010-1633]).
  * GOST MAC and CFB fixes.

### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]

  * RFC3280 path validation: sufficient to process PKITS tests.
  * Integrated support for PVK files and keyblobs.
  * Change default private key format to PKCS#8.
  * CMS support: able to process all examples in RFC4134
  * Streaming ASN1 encode support for PKCS#7 and CMS.
  * Multiple signer and signer add support for PKCS#7 and CMS.
  * ASN1 printing support.
  * Whirlpool hash algorithm added.
  * RFC3161 time stamp support.
  * New generalised public key API supporting ENGINE based algorithms.
  * New generalised public key API utilities.
  * New ENGINE supporting GOST algorithms.
  * SSL/TLS GOST ciphersuite support.
  * PKCS#7 and CMS GOST support.
  * RFC4279 PSK ciphersuite support.
  * Supported points format extension for ECC ciphersuites.
  * ecdsa-with-SHA224/256/384/512 signature types.
  * dsa-with-SHA224 and dsa-with-SHA256 signature types.
  * Opaque PRF Input TLS extension support.
  * Updated time routines to avoid OS limitations.

OpenSSL 0.9.x
-------------

### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]

  * CFB cipher definition fixes.
  * Fix security issues [CVE-2010-0740] and [CVE-2010-0433].

### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]

  * Cipher definition fixes.
  * Workaround for slow RAND_poll() on some WIN32 versions.
  * Remove MD2 from algorithm tables.
  * SPKAC handling fixes.
  * Support for RFC5746 TLS renegotiation extension.
  * Compression memory leak fixed.
  * Compression session resumption fixed.
  * Ticket and SNI coexistence fixes.
  * Many fixes to DTLS handling.

### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]

  * Temporary work around for [CVE-2009-3555]: disable renegotiation.

### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]

  * Fix various build issues.
  * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789]

### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]

  * Fix security issue ([CVE-2008-5077])
  * Merge FIPS 140-2 branch code.

### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]

  * CryptoAPI ENGINE support.
  * Various precautionary measures.
  * Fix for bugs affecting certificate request creation.
  * Support for local machine keyset attribute in PKCS#12 files.

### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]

  * Backport of CMS functionality to 0.9.8.
  * Fixes for bugs introduced with 0.9.8f.

### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]

  * Add gcc 4.2 support.
  * Add support for AES and SSE2 assembly language optimization
    for VC++ build.
  * Support for RFC4507bis and server name extensions if explicitly
    selected at compile time.
  * DTLS improvements.
  * RFC4507bis support.
  * TLS Extensions support.

### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]

  * Various ciphersuite selection fixes.
  * RFC3779 support.

### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]

  * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
  * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
  * Changes to ciphersuite selection algorithm

### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]

  * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
  * New cipher Camellia

### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]

  * Cipher string fixes.
  * Fixes for VC++ 2005.
  * Updated ECC cipher suite support.
  * New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
  * Zlib compression usage fixes.
  * Built in dynamic engine compilation support on Win32.
  * Fixes auto dynamic engine loading in Win32.

### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]

  * Fix potential SSL 2.0 rollback ([CVE-2005-2969])
  * Extended Windows CE support

### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]

  * Major work on the BIGNUM library for higher efficiency and to
    make operations more streamlined and less contradictory. This
    is the result of a major audit of the BIGNUM library.
  * Addition of BIGNUM functions for fields GF(2^m) and NIST
    curves, to support the Elliptic Crypto functions.
  * Major work on Elliptic Crypto; ECDH and ECDSA added, including
    the use through EVP, X509 and ENGINE.
  * New ASN.1 mini-compiler that's usable through the OpenSSL
    configuration file.
  * Added support for ASN.1 indefinite length constructed encoding.
  * New PKCS#12 'medium level' API to manipulate PKCS#12 files.
  * Complete rework of shared library construction and linking
    programs with shared or static libraries, through a separate
    Makefile.shared.
  * Rework of the passing of parameters from one Makefile to another.
  * Changed ENGINE framework to load dynamic engine modules
    automatically from specifically given directories.
  * New structure and ASN.1 functions for CertificatePair.
  * Changed the ZLIB compression method to be stateful.
  * Changed the key-generation and primality testing "progress"
    mechanism to take a structure that contains the ticker
    function and an argument.
  * New engine module: GMP (performs private key exponentiation).
  * New engine module: VIA PadLock ACE extension in VIA C3
    Nehemiah processors.
  * Added support for IPv6 addresses in certificate extensions.
    See RFC 1884, section 2.2.
  * Added support for certificate policy mappings, policy
    constraints and name constraints.
  * Added support for multi-valued AVAs in the OpenSSL
    configuration file.
  * Added support for multiple certificates with the same subject
    in the 'openssl ca' index file.
  * Make it possible to create self-signed certificates using
    'openssl ca -selfsign'.
  * Make it possible to generate a serial number file with
    'openssl ca -create_serial'.
  * New binary search functions with extended functionality.
  * New BUF functions.
  * New STORE structure and library to provide an interface to all
    sorts of data repositories. Supports storage of public and
    private keys, certificates, CRLs, numbers and arbitrary blobs.
    This library is unfortunately unfinished and unused within
    OpenSSL.
  * New control functions for the error stack.
  * Changed the PKCS#7 library to support one-pass S/MIME
    processing.
  * Added the possibility to compile without old deprecated
    functionality with the OPENSSL_NO_DEPRECATED macro or the
    'no-deprecated' argument to the config and Configure scripts.
  * Constification of all ASN.1 conversion functions, and other
    affected functions.
  * Improved platform support for PowerPC.
  * New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
  * New X509_VERIFY_PARAM structure to support parameterisation
    of X.509 path validation.
  * Major overhaul of RC4 performance on Intel P4, IA-64 and
    AMD64.
  * Changed the Configure script to have some algorithms disabled
    by default. Those can be explicitly enabled with the new
    argument form 'enable-xxx'.
  * Change the default digest in 'openssl' commands from MD5 to
    SHA-1.
  * Added support for DTLS.
  * New BIGNUM blinding.
  * Added support for the RSA-PSS encryption scheme
  * Added support for the RSA X.931 padding.
  * Added support for BSD sockets on NetWare.
  * Added support for files larger than 2GB.
  * Added initial support for Win64.
  * Added alternate pkg-config files.

### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]

  * FIPS 1.1.1 module linking.
  * Various ciphersuite selection fixes.

### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]

  * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
  * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]

### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]

  * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]

### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]

  * Visual C++ 2005 fixes.
  * Update Windows build system for FIPS.

### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]

  * Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.

### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]

  * Fix SSL 2.0 Rollback ([CVE-2005-2969])
  * Allow use of fixed-length exponent on DSA signing
  * Default fixed-window RSA, DSA, DH private-key operations

### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]

  * More compilation issues fixed.
  * Adaptation to more modern Kerberos API.
  * Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
  * Enhanced x86_64 assembler BIGNUM module.
  * More constification.
  * Added processing of proxy certificates (RFC 3820).

### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]

  * Several compilation issues fixed.
  * Many memory allocation failure checks added.
  * Improved comparison of X509 Name type.
  * Mandatory basic checks on certificates.
  * Performance improvements.

### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]

  * Fix race condition in CRL checking code.
  * Fixes to PKCS#7 (S/MIME) code.

### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]

  * Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
  * Security: Fix null-pointer assignment in do_change_cipher_spec()
  * Allow multiple active certificates with same subject in CA index
  * Multiple X509 verification fixes
  * Speed up HMAC and other operations

### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]

  * Security: fix various ASN1 parsing bugs.
  * New -ignore_err option to OCSP utility.
  * Various interop and bug fixes in S/MIME code.
  * SSL/TLS protocol fix for unrequested client certificates.

### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]

  * Security: counter the Klima-Pokorny-Rosa extension of
    Bleichenbacher's attack
  * Security: make RSA blinding default.
  * Configuration: Irix fixes, AIX fixes, better mingw support.
  * Support for new platforms: linux-ia64-ecc.
  * Build: shared library support fixes.
  * ASN.1: treat domainComponent correctly.
  * Documentation: fixes and additions.

### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]

  * Security: Important security related bugfixes.
  * Enhanced compatibility with MIT Kerberos.
  * Can be built without the ENGINE framework.
  * IA32 assembler enhancements.
  * Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
  * Configuration: the no-err option now works properly.
  * SSL/TLS: now handles manual certificate chain building.
  * SSL/TLS: certain session ID malfunctions corrected.

### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]

  * New library section OCSP.
  * Complete rewrite of ASN1 code.
  * CRL checking in verify code and openssl utility.
  * Extension copying in 'ca' utility.
  * Flexible display options in 'ca' utility.
  * Provisional support for international characters with UTF8.
  * Support for external crypto devices ('engine') is no longer
    a separate distribution.
  * New elliptic curve library section.
  * New AES (Rijndael) library section.
  * Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
    Linux x86_64, Linux 64-bit on Sparc v9
  * Extended support for some platforms: VxWorks
  * Enhanced support for shared libraries.
  * Now only builds PIC code when shared library support is requested.
  * Support for pkg-config.
  * Lots of new manuals.
  * Makes symbolic links to or copies of manuals to cover all described
    functions.
  * Change DES API to clean up the namespace (some applications link also
    against libdes providing similar functions having the same name).
    Provide macros for backward compatibility (will be removed in the
    future).
  * Unify handling of cryptographic algorithms (software and engine)
    to be available via EVP routines for asymmetric and symmetric ciphers.
  * NCONF: new configuration handling routines.
  * Change API to use more 'const' modifiers to improve error checking
    and help optimizers.
  * Finally remove references to RSAref.
  * Reworked parts of the BIGNUM code.
  * Support for new engines: Broadcom ubsec, Accelerated Encryption
    Processing, IBM 4758.
  * A few new engines added in the demos area.
  * Extended and corrected OID (object identifier) table.
  * PRNG: query at more locations for a random device, automatic query for
    EGD style random sources at several locations.
  * SSL/TLS: allow optional cipher choice according to server's preference.
  * SSL/TLS: allow server to explicitly set new session ids.
  * SSL/TLS: support Kerberos cipher suites (RFC2712).
    Only supports MIT Kerberos for now.
  * SSL/TLS: allow more precise control of renegotiations and sessions.
  * SSL/TLS: add callback to retrieve SSL/TLS messages.
  * SSL/TLS: support AES cipher suites (RFC3268).

### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]

  * Security: fix various ASN1 parsing bugs.
  * SSL/TLS protocol fix for unrequested client certificates.

### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]

  * Security: counter the Klima-Pokorny-Rosa extension of
    Bleichenbacher's attack
  * Security: make RSA blinding default.
  * Build: shared library support fixes.

### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]

  * Important security related bugfixes.

### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]

  * New configuration targets for Tandem OSS and A/UX.
  * New OIDs for Microsoft attributes.
  * Better handling of SSL session caching.
  * Better comparison of distinguished names.
  * Better handling of shared libraries in a mixed GNU/non-GNU environment.
  * Support assembler code with Borland C.
  * Fixes for length problems.
  * Fixes for uninitialised variables.
  * Fixes for memory leaks, some unusual crashes and some race conditions.
  * Fixes for smaller building problems.
  * Updates of manuals, FAQ and other instructive documents.

### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]

  * Important building fixes on Unix.

### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]

  * Various important bugfixes.

### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]

  * Important security related bugfixes.
  * Various SSL/TLS library bugfixes.

### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]

  * Various SSL/TLS library bugfixes.
  * Fix DH parameter generation for 'non-standard' generators.

### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]

  * Various SSL/TLS library bugfixes.
  * BIGNUM library fixes.
  * RSA OAEP and random number generation fixes.
  * Object identifiers corrected and added.
  * Add assembler BN routines for IA64.
  * Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
    MIPS Linux; shared library support for Irix, HP-UX.
  * Add crypto accelerator support for AEP, Baltimore SureWare,
    Broadcom and Cryptographic Appliance's keyserver
    [in 0.9.6c-engine release].

### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]

  * Security fix: PRNG improvements.
  * Security fix: RSA OAEP check.
  * Security fix: Reinsert and fix countermeasure to Bleichenbacher's
    attack.
  * MIPS bug fix in BIGNUM.
  * Bug fix in "openssl enc".
  * Bug fix in X.509 printing routine.
  * Bug fix in DSA verification routine and DSA S/MIME verification.
  * Bug fix to make PRNG thread-safe.
  * Bug fix in RAND_file_name().
  * Bug fix in compatibility mode trust settings.
  * Bug fix in blowfish EVP.
  * Increase default size for BIO buffering filter.
  * Compatibility fixes in some scripts.

### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]

  * Security fix: change behavior of OpenSSL to avoid using
    environment variables when running as root.
  * Security fix: check the result of RSA-CRT to reduce the
    possibility of deducing the private key from an incorrectly
    calculated signature.
  * Security fix: prevent Bleichenbacher's DSA attack.
  * Security fix: Zero the premaster secret after deriving the
    master secret in DH ciphersuites.
  * Reimplement SSL_peek(), which had various problems.
  * Compatibility fix: the function des_encrypt() renamed to
    des_encrypt1() to avoid clashes with some Unixen libc.
  * Bug fixes for Win32, HP/UX and Irix.
  * Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
    memory checking routines.
  * Bug fixes for RSA operations in threaded environments.
  * Bug fixes in misc. openssl applications.
  * Remove a few potential memory leaks.
  * Add tighter checks of BIGNUM routines.
  * Shared library support has been reworked for generality.
  * More documentation.
  * New function BN_rand_range().
  * Add "-rand" option to openssl s_client and s_server.

### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]

  * Some documentation for BIO and SSL libraries.
  * Enhanced chain verification using key identifiers.
  * New sign and verify options to 'dgst' application.
  * Support for DER and PEM encoded messages in 'smime' application.
  * New 'rsautl' application, low-level RSA utility.
  * MD4 now included.
  * Bugfix for SSL rollback padding check.
  * Support for external crypto devices [1].
  * Enhanced EVP interface.

  [1] The support for external crypto devices is currently a separate
      distribution. See the file README-Engine.md.

### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]

  * Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
  * Shared library support for HPUX and Solaris-gcc
  * Support of Linux/IA64
  * Assembler support for Mingw32
  * New 'rand' application
  * New way to check for existence of algorithms from scripts

### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]

  * S/MIME support in new 'smime' command
  * Documentation for the OpenSSL command line application
  * Automation of 'req' application
  * Fixes to make s_client, s_server work under Windows
  * Support for multiple fieldnames in SPKACs
  * New SPKAC command line utility and associated library functions
  * Options to allow passwords to be obtained from various sources
  * New public key PEM format and options to handle it
  * Many other fixes and enhancements to command line utilities
  * Usable certificate chain verification
  * Certificate purpose checking
  * Certificate trust settings
  * Support of authority information access extension
  * Extensions in certificate requests
  * Simplified X509 name and attribute routines
  * Initial (incomplete) support for international character sets
  * New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
  * Read only memory BIOs and simplified creation function
  * TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
    record; allow fragmentation and interleaving of handshake and other
    data
  * TLS/SSL code now "tolerates" MS SGC
  * Work around for Netscape client certificate hang bug
  * RSA_NULL option that removes RSA patent code but keeps other
    RSA functionality
  * Memory leak detection now allows applications to add extra information
    via a per-thread stack
  * PRNG robustness improved
  * EGD support
  * BIGNUM library bug fixes
  * Faster DSA parameter generation
  * Enhanced support for Alpha Linux
  * Experimental macOS support

### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]

  * Transparent support for PKCS#8 format private keys: these are used
    by several software packages and are more secure than the standard
    form
  * PKCS#5 v2.0 implementation
  * Password callbacks have a new void * argument for application data
  * Avoid various memory leaks
  * New pipe-like BIO that allows using the SSL library when actual I/O
    must be handled by the application (BIO pair)

### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]

  * Lots of enhancements and cleanups to the Configuration mechanism
  * RSA OAEP related fixes
  * Added "openssl ca -revoke" option for revoking a certificate
  * Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
  * Source tree cleanups: removed lots of obsolete files
  * Thawte SXNet, certificate policies and CRL distribution points
    extension support
  * Preliminary (experimental) S/MIME support
  * Support for ASN.1 UTF8String and VisibleString
  * Full integration of PKCS#12 code
  * Sparc assembler bignum implementation, optimized hash functions
  * Option to disable selected ciphers

### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]

  * Fixed a security hole related to session resumption
  * Fixed RSA encryption routines for the p < q case
  * "ALL" in cipher lists now means "everything except NULL ciphers"
  * Support for Triple-DES CBCM cipher
  * Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
  * First support for new TLSv1 ciphers
  * Added a few new BIOs (syslog BIO, reliable BIO)
  * Extended support for DSA certificate/keys.
  * Extended support for Certificate Signing Requests (CSR)
  * Initial support for X.509v3 extensions
  * Extended support for compression inside the SSL record layer
  * Overhauled Win32 builds
  * Cleanups and fixes to the Big Number (BN) library
  * Support for ASN.1 GeneralizedTime
  * Split ASN.1 SETs from SEQUENCEs
  * ASN1 and PEM support for Netscape Certificate Sequences
  * Overhauled Perl interface
  * Lots of source tree cleanups.
  * Lots of memory leak fixes.
  * Lots of bug fixes.

### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]

  * Integration of the popular NO_RSA/NO_DSA patches
  * Initial support for compression inside the SSL record layer
  * Added BIO proxy and filtering functionality
  * Extended Big Number (BN) library
  * Added RIPE MD160 message digest
  * Added support for RC2/64bit cipher
  * Extended ASN.1 parser routines
  * Adjustments of the source tree for CVS
  * Support for various new platforms

<!-- Links -->
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
[CHANGES.md]: ./CHANGES.md
[README-QUIC.md]: ./README-QUIC.md
[issue tracker]: https://github.com/openssl/openssl/issues
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library