OpenSSL 1.0.1 Branch Release notes
The major changes and known issues for the 1.0.1 branch of the OpenSSL
toolkit are summarised below. The contents reflect the current state of the
NEWS file inside the git repository.
Additional details of changes can be found in the ChangeLog for OpenSSL 1.0.1.
A complete list of changes to OpenSSL 1.0.1 can be found in the git repository commit log.
Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [under development]
Known issues in OpenSSL 1.0.1h:
Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
- EAP-FAST and other applications using tls_session_secret_cb
wont resume sessions. Fixed in 1.0.1i-dev
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
- Don't include gmt_unix_time in TLS server and client random values
- Fix for TLS record tampering bug CVE-2013-4353
- Fix for TLS version checking bug CVE-2013-6449
- Fix for DTLS retransmission bug CVE-2013-6450
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
- Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
- Include the fips configuration module.
- Fix OCSP bad key DoS attack CVE-2013-0166
- Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- Fix for TLS AESNI record handling flaw CVE-2012-2686
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
- Fix TLS/DTLS record length checking bug CVE-2012-2333
- Don't attempt to use non-FIPS composite ciphers in FIPS mode.
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
- Fix compilation error on non-x86 platforms.
- Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
- Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
- Fix for ASN1 overflow bug CVE-2012-2110
- Workarounds for some servers that hang on long client hellos.
- Fix SEGV in AES code.
- TLS/DTLS heartbeat support.
- SCTP support.
- RFC 5705 TLS key material exporter.
- RFC 5764 DTLS-SRTP negotiation.
- Next Protocol Negotiation.
- PSS signatures in certificates, requests and CRLs.
- Support for password based recipient info for CMS.
- Support TLS v1.2 and TLS v1.1.
- Preliminary FIPS capability for unvalidated 2.0 FIPS module.
- SRP support.