OpenSSL 1.0.0 Branch Release notes
The major changes and known issues for the 1.0.0 branch of the OpenSSL
toolkit are summarised below. The contents reflect the current state of the
NEWS file inside the git repository.
Additional details of changes can be found in the ChangeLog for OpenSSL 1.0.0.
A complete list of changes to OpenSSL 1.0.0 can be found in the git repository commit log.
Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [under development]
Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014]
Known issues in OpenSSL 1.0.0m:
Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014]
Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
- EAP-FAST and other applications using tls_session_secret_cb
wont resume sessions. Fixed in 1.0.0n-dev
- Compilation failure of s3_pkt.c on some platforms due to missing
<limits.h> include. Fixed in 1.0.0n-dev
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
- Fix for CRL vulnerability issue CVE-2011-3207
- Fix for ECDH crashes CVE-2011-3210
- Protection against EC timing attacks.
- Support ECDH ciphersuites for certificates using SHA2 algorithms.
- Various DTLS fixes.
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
- Fix for security issue CVE-2010-4180
- Fix for CVE-2010-4252
- Fix mishandling of absent EC point format extension.
- Fix various platform compilation issues.
- Corrected fix for security issue CVE-2010-3864.
- RFC3280 path validation: sufficient to process PKITS tests.
- Integrated support for PVK files and keyblobs.
- Change default private key format to PKCS#8.
- CMS support: able to process all examples in RFC4134
- Streaming ASN1 encode support for PKCS#7 and CMS.
- Multiple signer and signer add support for PKCS#7 and CMS.
- ASN1 printing support.
- Whirlpool hash algorithm added.
- RFC3161 time stamp support.
- New generalised public key API supporting ENGINE based algorithms.
- New generalised public key API utilities.
- New ENGINE supporting GOST algorithms.
- SSL/TLS GOST ciphersuite support.
- PKCS#7 and CMS GOST support.
- RFC4279 PSK ciphersuite support.
- Supported points format extension for ECC ciphersuites.
- ecdsa-with-SHA224/256/384/512 signature types.
- dsa-with-SHA224 and dsa-with-SHA256 signature types.
- Opaque PRF Input TLS extension support.
- Updated time routines to avoid OS limitations.