OpenSSL

Cryptography and SSL/TLS Toolkit

OpenSSL 1.1.1 Series Release Notes

The major changes and known issues for the 1.1.1 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

More details can be found in the ChangeLog.

Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.1 [in pre-release]

  • Support for TLSv1.3 added
  • Move the display of configuration data to configdata.pm.
  • Allow GNU style "make variables" to be used with Configure.
  • Add a STORE module (OSSL_STORE)
  • Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
  • Add multi-prime RSA (RFC 8017) support
  • Add SM3 implemented according to GB/T 32905-2016
  • Add SM4 implemented according to GB/T 32907-2016.
  • Add 'Maximum Fragment Length' TLS extension negotiation and support
  • Add ARIA support
  • Add SHA3
  • Rewrite of devcrypto engine
  • Add support for SipHash
  • Grand redesign of the OpenSSL random generator
  • Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
  • Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
  • rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)