Skip to content
CHANGES 446 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 1.0.x and 1.1.0  [xx XXX xxxx]
Rob Stradling's avatar
Rob Stradling committed
  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
     [Rob Stradling, Adam Langley]

  *) Experimental encrypt-then-mac support.
    
     Experimental support for encrypt then mac from
     draft-gutmann-tls-encrypt-then-mac-02.txt
     To enable it set the appropriate extension number (0x10 for the test
     server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
     For non-compliant peers (i.e. just about everything) this should have no
     effect.

     WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.

     NOTE: unfortunately the test server value (0x10) clashes with the draft
     ALPN extension. Until this is resolved the only way to check against the
     test server is to temporarily change the ALPN extension value (ugh!).

  *) Add callbacks supporting generation and retrieval of supplemental
     data entries.
     [Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie]

  *) Add EVP support for key wrapping algorithms, to avoid problems with
     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
     algorithms and include tests cases.
     [Steve Henson]

Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
  *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for
     enveloped data.
     [Steve Henson]

  *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
     MGF1 digest and OAEP label.
     [Steve Henson]

  *) Add callbacks for arbitrary TLS extensions.
     [Trevor Perrin <trevp@trevp.net> and Ben Laurie]

  *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method()
     supports both DTLS 1.2 and 1.0 and should use whatever version the peer
     supports and DTLSv1_2_*_method() which supports DTLS 1.2 only.
     [Steve Henson]

  *) Make openssl verify return errors.
     [Chris Palmer <palmer@google.com> and Ben Laurie]

Ben Laurie's avatar
Ben Laurie committed
  *) Fix OCSP checking.
     [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
  *) New option -crl_download in several openssl utilities to download CRLs
     from CRLDP extension in certificates.
     [Steve Henson]

  *) Integrate hostname, email address and IP address checking with certificate
     verification. New verify options supporting checking in openssl utility.
  *) New function X509_CRL_diff to generate a delta CRL from the difference
     of two full CRLs. Add support to "crl" utility.
     [Steve Henson]

  *) New options -CRL and -CRLform for s_client and s_server for CRLs.
     [Steve Henson]

  *) Extend OCSP I/O functions so they can be used for simple general purpose
     HTTP as well as OCSP. New wrapper function which can be used to download
     CRLs using the OCSP API.
     [Steve Henson]

  *) New functions to set lookup_crls callback and to retrieve
  *) New ctrl and macro to retrieve supported points extensions.
     Print out extension in s_server and s_client.
  *) New function ASN1_TIME_diff to calculate the difference between two
     ASN1_TIME structures or one structure and the current time.
     [Steve Henson]

Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
  *) Fixes and wildcard matching support to hostname and email checking
     functions. Add manual page.
     [Florian Weimer (Red Hat Product Security Team)]

  *) New experimental SSL_CONF* functions. These provide a common framework
     for application configuration using configuration files or command lines.
     [Steve Henson]

  *) New functions to check a hostname email or IP address against a
Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
     certificate. Add options x509 utility to print results of checks against
     a certificate.
  *) Add -rev test option to s_server to just reverse order of characters
     received by client and send back to server. Also prints an abbreviated
     summary of the connection parameters.
     [Steve Henson]

  *) New option -brief for s_client and s_server to print out a brief summary
     of connection parameters.
     [Steve Henson]

  *) Add functions to retrieve and manipulate the raw cipherlist sent by a
     client to OpenSSL.
     [Steve Henson]

  *) New Suite B modes for TLS code. These use and enforce the requirements
     of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
     only use Suite B curves. The Suite B modes can be set by using the
     strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
     [Steve Henson]

  *) New chain verification flags for Suite B levels of security. Check
     algorithms are acceptable when flags are set in X509_verify_cert.
     [Steve Henson]

  *) Make tls1_check_chain return a set of flags indicating checks passed
     by a certificate chain. Add additional tests to handle client
     certificates: checks for matching certificate type and issuer name
     comparison.
     [Steve Henson]

  *) If an attempt is made to use a signature algorithm not in the peer
     preference list abort the handshake. If client has no suitable
     signature algorithms in response to a certificate request do not
     use the certificate.
     [Steve Henson]

  *) If server EC tmp key is not in client preference list abort handshake.
     [Steve Henson]

  *) Add support for certificate stores in CERT structure. This makes it
     possible to have different stores per SSL structure or one store in
     the parent SSL_CTX. Include distinct stores for certificate chain
     verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
     to build and store a certificate chain in CERT structure: returning
     an error if the chain cannot be built: this will allow applications
     to test if a chain is correctly configured.

     Note: if the CERT based stores are not set then the parent SSL_CTX
     store is used to retain compatibility with existing behaviour.

     [Steve Henson]

  *) New function ssl_set_client_disabled to set a ciphersuite disabled
     mask based on the current session, check mask when sending client
     hello and checking the requested ciphersuite.
     [Steve Henson]

  *) New ctrls to retrieve and set certificate types in a certificate
     request message. Print out received values in s_client. If certificate
     types is not set with custom values set sensible values based on
     supported signature algorithms.
     [Steve Henson]

  *) Support for distinct client and server supported signature algorithms.
     [Steve Henson]

  *) Add certificate callback. If set this is called whenever a certificate
     is required by client or server. An application can decide which
     certificate chain to present based on arbitrary criteria: for example
     supported signature algorithms. Add very simple example to s_server.
     This fixes many of the problems and restrictions of the existing client
     certificate callback: for example you can now clear an existing
     certificate and specify the whole chain.
     [Steve Henson]

  *) Add new "valid_flags" field to CERT_PKEY structure which determines what
     the certificate can be used for (if anything). Set valid_flags field 
     in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
     to have similar checks in it.

     Add new "cert_flags" field to CERT structure and include a "strict mode".
     This enforces some TLS certificate requirements (such as only permitting
     certificate signature algorithms contained in the supported algorithms
     extension) which some implementations ignore: this option should be used
     with caution as it could cause interoperability issues.
     [Steve Henson]

  *) Update and tidy signature algorithm extension processing. Work out
     shared signature algorithms based on preferences and peer algorithms
     and print them out in s_client and s_server. Abort handshake if no
     shared signature algorithms.
Loading full blame...