factotum/libressl-portable
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update ChangeLog

Browse Source
This commit is contained in:
kinichiro 2020-05-30 23:15:58 +09:00
parent 8b0ba4244e
commit 654e938e11
1 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ChangeLog
View File

@ -30,8 +30,8 @@ LibreSSL Portable Release Notes:
3.2.0 - Development release 3.2.0 - Development release
* Improve length checks in record layer and provide appropritate * Improve length checks in record layer and provide appropriate
alerts for for violations of record layer limits. alerts for violations of record layer limits.
* Enforce in the server that SNI hostnames be correctly formed as * Enforce in the server that SNI hostnames be correctly formed as
per RFC 6066 and RFC 5890, responding with illegal parameter for per RFC 6066 and RFC 5890, responding with illegal parameter for
@ -48,8 +48,8 @@ LibreSSL Portable Release Notes:
* Add tlsfuzzer based regression tests. * Add tlsfuzzer based regression tests.
* Support sending certificate status replies from the tls13 server * Support sending certificate status replies from the TLS 1.3 server
to send ocsp staples for leaf certificates. to send OCSP staples for leaf certificates.
* Send correct alerts when handling failed key share extensions * Send correct alerts when handling failed key share extensions
on the TLS 1.3 server. on the TLS 1.3 server.
@ -60,7 +60,7 @@ LibreSSL Portable Release Notes:
* Support TLS 1.3 options in the openssl(1) command. * Support TLS 1.3 options in the openssl(1) command.
* Enable TLS 1.3 server side in addition to client by default. * Enable TLS 1.3 server side in addition to client by default.
with this change tls13 is handled entirely on the new stack With this change TLS 1.3 is handled entirely on the new stack
and state machine, with fallback to the legacy stack and and state machine, with fallback to the legacy stack and
state machine for older versions. state machine for older versions.
@ -69,27 +69,23 @@ LibreSSL Portable Release Notes:
* Modify "openssl x509" to display invalid certificate times as * Modify "openssl x509" to display invalid certificate times as
invalid, and correctly deal with the failing return case from invalid, and correctly deal with the failing return case from
x509_time_cmp so that a certificate with an invalid NotAfter does X509_cmp_time so that a certificate with an invalid NotAfter does
not appear valid. not appear valid.
* Support sending dummy change_cipher_spec records for middlebox * Support sending dummy change_cipher_spec records for middlebox
compatibility. compatibility.
* Ensure only PSS may be used with RSA in tls 1.3 * Ensure only PSS may be used with RSA in TLS 1.3.
* The client must advertise exactly the "null" compression method * The client must advertise exactly the "null" compression method
in its legacy_compression_field, nothing else. in its legacy_compression_methods, nothing else.
* Incorrect use of sockaddr instead of sockaddr_storage in the * Incorrect use of sockaddr instead of sockaddr_storage in the
s_client could lead to using 14 bytes of stack garbage instead s_client could lead to using 14 bytes of stack garbage instead
of an IPv6 address in DTLS mode. of an IPv6 address in DTLS mode.
* Support sending certificate status from the tls13 client to retrieve * Support sending certificate status requests from the TLS 1.3
ocsp staples for leaf certificates. client to retrieve OCSP staples for leaf certificates.
* Support sending certificate status requests from the tls13
client to retrieve ocsp staples for leaf certificates.
3.1.2 - Bug fix 3.1.2 - Bug fix