add 2.6.1 changelog
parent
f4d2b810cb
commit
d653deef65
53
ChangeLog
@ -28,6 +28,59 @@ history is also available from Git.
|
|||||||
|
|
||||||
LibreSSL Portable Release Notes:
|
LibreSSL Portable Release Notes:
|
||||||
|
|
||||||
|
2.6.1 - Code removal, rewrites
|
||||||
|
|
||||||
|
* Added a "-T tlscompat" option to nc(1), which enables the use of all
|
||||||
|
TLS protocols and "compat" ciphers. This allows for TLS connections
|
||||||
|
to TLS servers that are using less than ideal cipher suites, without
|
||||||
|
having to resort to "-T tlsall" which enables all known cipher
|
||||||
|
suites. Diff from Kyle J. McKay.
|
||||||
|
|
||||||
|
* Added a new TLS extension handling framework, somewhat analogous to
|
||||||
|
BoringSSL, and converted all TLS extensions to use it. Added new TLS
|
||||||
|
extension regression tests.
|
||||||
|
|
||||||
|
* Improved and added many new manpages. Updated *check_private_key
|
||||||
|
manpages with additional cautions regarding their use.
|
||||||
|
|
||||||
|
* Cleaned up the EC key/curve configuration handling.
|
||||||
|
|
||||||
|
* Added tls_config_set_ecdhecurves() to libtls, which allows the names
|
||||||
|
of the eliptical curves that may be used during client and server
|
||||||
|
key exchange to be specified.
|
||||||
|
|
||||||
|
* Converted more code paths to use CBB/CBS.
|
||||||
|
|
||||||
|
* Removed support for DSS/DSA, since we removed the cipher suites a
|
||||||
|
while back.
|
||||||
|
|
||||||
|
* Removed NPN support. NPN was never standardised and the last draft
|
||||||
|
expired in October 2012. ALPN was standardised in July 2014 and has
|
||||||
|
been supported in LibreSSL since December 2014. NPN has also been
|
||||||
|
removed from Chromium in May 2016.
|
||||||
|
|
||||||
|
* Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
|
||||||
|
CryptoPro clients.
|
||||||
|
|
||||||
|
* Removed support for the TLS padding extension, which was added as a
|
||||||
|
workaround for an old bug in F5's TLS termintation.
|
||||||
|
|
||||||
|
* Workaround a new bug in F5's TLS termination handling the
|
||||||
|
elliptical curves extension. RFC 4492 only defines elliptic_curves
|
||||||
|
for ClientHello. However, F5 is sending it in ServerHello. We need
|
||||||
|
to skip over it since our TLS extension parsing code is now more
|
||||||
|
strict. Thanks to Armin Wolfermann and WJ Liu for reporting.
|
||||||
|
|
||||||
|
* Added ability to clamp notafter valies in certificates for systems
|
||||||
|
with 32-bit time_t. This is necessary to conform to RFC 5280
|
||||||
|
4.1.2.5.
|
||||||
|
|
||||||
|
* Imported SSL_CTX_set_min_proto_version(3) from OpenSSL
|
||||||
|
|
||||||
|
* Remove the original (pre-IETF) chacha20-poly1305 cipher suites.
|
||||||
|
|
||||||
|
* Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
|
||||||
|
|
||||||
2.6.0 - New APIs, bug fixes and improvements
|
2.6.0 - New APIs, bug fixes and improvements
|
||||||
|
|
||||||
* Added support for providing CRLs to libtls. Once a CRL is provided we
|
* Added support for providing CRLs to libtls. Once a CRL is provided we
|
||||||
|
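Review bot: The added 2.6.1 entries carry three spelling errors that will ship in the release notes: "eliptical curves" in the tls_config_set_ecdhecurves() item, "termintation" in the TLS padding extension item, and "valies" in the notafter clamping item; these should read "elliptic curves", "termination" and "values". The F5 workaround item says "elliptical curves extension" while naming the RFC 4492 field elliptic_curves in the same sentence, so "elliptic curves" fits there too. For consistency with the other items, "Workaround a new bug" and "Remove the original (pre-IETF) chacha20-poly1305 cipher suites" should be in the past tense ("Worked around", "Removed"), and the SSL_CTX_set_min_proto_version(3) item is the only one without a closing full stop. The ECDHE-RSA-DES-CBC3-SHA item moves the suite from HIGH to MEDIUM, which changes what a HIGH cipher string selects, so a short clause saying so would help readers who pin cipher lists.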