OpenSSL

Cryptography and SSL/TLS Toolkit

OpenSSL 1.0.2 Series Release Notes

The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

More details can be found in the ChangeLog.

Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]

Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]

  • BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
  • Certificate verify crash with missing PSS parameter (CVE-2015-3194)
  • X509_ATTRIBUTE memory leak (CVE-2015-3195)
  • Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
  • In DSA_generate_parameters_ex, if the provided seed is too short, return an error

Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]

Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]

  • Fix HMAC ABI incompatibility

Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]

Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]

Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:

  • Suite B support for TLS 1.2 and DTLS 1.2
  • Support for DTLS 1.2
  • TLS automatic EC curve selection.
  • API to set TLS supported signature algorithms and curves
  • SSL_CONF configuration API.
  • TLS Brainpool support.
  • ALPN support.
  • CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.