OpenSSL    
 Newsflash |  State |  Release Notes |  ChangeLog |  Vulnerabilities 
 
Title
FAQ
About
News
Documents
Source
Support
Related
Security

 

OpenSSL 1.0.0 Branch Release notes

The major changes and known issues for the 1.0.0 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

Additional details of changes can be found in the ChangeLog for OpenSSL 1.0.0.

A complete list of changes to OpenSSL 1.0.0 can be found in the git repository commit log.

Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [under development]

Known issues in OpenSSL 1.0.0m:
  • EAP-FAST and other applications using tls_session_secret_cb wont resume sessions. Fixed in 1.0.0n-dev
  • Compilation failure of s3_pkt.c on some platforms due to missing <limits.h> include. Fixed in 1.0.0n-dev
Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]: Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]: Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
  • Fix for CRL vulnerability issue CVE-2011-3207
  • Fix for ECDH crashes CVE-2011-3210
  • Protection against EC timing attacks.
  • Support ECDH ciphersuites for certificates using SHA2 algorithms.
  • Various DTLS fixes.
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]: Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
  • Fix for security issue CVE-2010-4180
  • Fix for CVE-2010-4252
  • Fix mishandling of absent EC point format extension.
  • Fix various platform compilation issues.
  • Corrected fix for security issue CVE-2010-3864.
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]: Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]: Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
  • RFC3280 path validation: sufficient to process PKITS tests.
  • Integrated support for PVK files and keyblobs.
  • Change default private key format to PKCS#8.
  • CMS support: able to process all examples in RFC4134
  • Streaming ASN1 encode support for PKCS#7 and CMS.
  • Multiple signer and signer add support for PKCS#7 and CMS.
  • ASN1 printing support.
  • Whirlpool hash algorithm added.
  • RFC3161 time stamp support.
  • New generalised public key API supporting ENGINE based algorithms.
  • New generalised public key API utilities.
  • New ENGINE supporting GOST algorithms.
  • SSL/TLS GOST ciphersuite support.
  • PKCS#7 and CMS GOST support.
  • RFC4279 PSK ciphersuite support.
  • Supported points format extension for ECC ciphersuites.
  • ecdsa-with-SHA224/256/384/512 signature types.
  • dsa-with-SHA224 and dsa-with-SHA256 signature types.
  • Opaque PRF Input TLS extension support.
  • Updated time routines to avoid OS limitations.