Commit 6ccfc8fa authored by Matt Caswell's avatar Matt Caswell
Browse files

More updates to CHANGES and NEWS for the 1.1.1 release 



Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)
parent 3f8b623a

CHANGES

+8 −0
Original line number Diff line number Diff line
@@ -9,6 +9,14 @@ 














 Changes between 1.1.0i and 1.1.1 [xx XXX xxxx]



























  *) Add a new ClientHello callback. Provides a callback interface that gives













     the application the ability to adjust the nascent SSL object at the













     earliest stage of ClientHello processing, immediately after extensions have













     been collected but before they have been processed. In particular, this













     callback can adjust the supported TLS versions in response to the contents













     of the ClientHello













     [Benjamin Kaduk]



























  *) Add SM2 base algorithm support.















     [Jack Lloyd]















































NEWS



+16
−2






























Original line number
Diff line number
Diff line








@@ -7,7 +7,19 @@





























  Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release]





























      o Support for TLSv1.3 added













      o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3













        for further important information). The TLSv1.3 implementation includes:













          o Fully compliant implementation of RFC8446 (TLSv1.3) on by default













          o Early data (0-RTT)













          o Post-handshake authentication and key update













          o Middlebox Compatibility Mode













          o TLSv1.3 PSKs













          o Support for all five RFC8446 ciphersuites













          o RSA-PSS signature algorithms (backported to TLSv1.2)













          o Configurable session ticket support













          o Stateless server support













          o Rewrite of the packet construction code for "safer" packet handling













          o Rewrite of the extension handling code















      o Complete rewrite of the OpenSSL random number generator to introduce the















        following capabilities















          o The default RAND method now utilizes an AES-CTR DRBG according to









@@ -21,7 +33,7 @@













      o Support for various new cryptographic algorithms including:















          o SHA3















          o SHA512/224 and SHA512/256













          o EdDSA (including Ed25519 and Ed448)













          o EdDSA (both Ed25519 and Ed448) including X509 and TLS support















          o X448 (adding to the existing X25519 support in 1.1.0)















          o Multi-prime RSA















          o SM2









@@ -30,6 +42,8 @@













          o SipHash















          o ARIA (including TLS support)















      o Significant Side-Channel attack security improvements













      o Add a new ClientHello callback to provide the ability to adjust the SSL













        object at an early stage.















      o Add 'Maximum Fragment Length' TLS extension negotiation and support















      o A new STORE module, which implements a uniform and URI based reader of















        stores that can contain keys, certificates, CRLs and numerous other