bag of changelog for 3.2.0
parent
60ce6e59bb
commit
fcd9da32e8
53
ChangeLog
@ -30,6 +30,48 @@ LibreSSL Portable Release Notes:
|
||||
|
||||
3.2.0 - Development release
|
||||
|
||||
* Improve length checks in record layer and provide appropritate
|
||||
alerts for for violations of record layer limits.
|
||||
|
||||
* Enforce in the server that SNI hostnames be correctly formed as
|
||||
per RFC 6066 and RFC 5890, responding with illegal paramerter for
|
||||
a nonconformant host name.
|
||||
|
||||
* Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in
|
||||
various commands.
|
||||
|
||||
* Modify io behavior so that SSL_MODE_AUTO_RETRY is the default
|
||||
similar to new OpenSSL releases.
|
||||
|
||||
* Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic
|
||||
retry of handshake messages.
|
||||
|
||||
* Add tlsfuzzer based regression tests.
|
||||
|
||||
* Support sending certificate status replies from the tls13 server
|
||||
to send ocsp staples for leaf certificates.
|
||||
|
||||
* Send correct alerts when handling failed key share extensions
|
||||
on the TLS 1.3 server.
|
||||
|
||||
* Various compatibility fixes for TLS 1.3 to 1.2 fallback for
|
||||
switching from the new to legacy stacks.
|
||||
|
||||
* Support TLS 1.3 options in the openssl(1) command.
|
||||
|
||||
* Enable TLS 1.3 server side in addition to client by default.
|
||||
with this change tls13 is handled entirely on the new stack
|
||||
and state machine, with fallback to the legacy stack and
|
||||
state machine for older versions.
|
||||
|
||||
* Many alert cleanups in TLS 1.3 to provide expected alerts
|
||||
in failure conditions.
|
||||
|
||||
* Modify "openssl x509" to display invalid certificate times as
|
||||
invalid, and correctly deal with the failing return case from
|
||||
x509_time_cmp so that a certificate with an invalid NotAfter does
|
||||
not appear valid.
|
||||
|
||||
* Support sending dummy change_cipher_spec records for middlebox
|
||||
compatibility.
|
||||
|
||||
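Review bot: the first two entries of the new 3.2.0 block carry typos that would ship in the release notes: "appropritate" and the doubled "for for" in the record layer entry, and "illegal paramerter" in the SNI entry. Suggest "provide appropriate alerts for violations of record layer limits" and, if the alert is what is meant, the alert name written as illegal_parameter. In the entry that enables the TLS 1.3 server, the sentence after "by default." starts lowercase ("with this change tls13 is handled entirely on the new stack"); capitalize it and write "TLS 1.3" as the neighbouring entries do. The entry making SSL_MODE_AUTO_RETRY the default describes a behaviour change for existing callers, so it should also say how an application gets the previous behaviour back.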
@ -38,12 +80,21 @@ LibreSSL Portable Release Notes:
|
||||
corner cases that were dealt with incorrectly. Fixed several
|
||||
instances of missing or incorrect alerts.
|
||||
|
||||
* Ensure only PSS may be used with RSA in tls 1.3
|
||||
|
||||
* The client must advertise exactly the "null" compression method
|
||||
in its legacy_compression_field, nothing else.
|
||||
|
||||
* Incorrect use of sockaddr instead of sockaddr_storage in the
|
||||
s_client could lead to using 14 bytes of stack garbage instead
|
||||
of an IPv6 address in DTLS mode.
|
||||
of an IPv6 address in DTLS mode.
|
||||
|
||||
* Support sending certificate status from the tls13 client to retrieve
|
||||
ocsp staples for leaf certificates.
|
||||
|
||||
* Support sending certificate status requests from the tls13
|
||||
client to retrieve ocsp staples for leaf certificates.
|
||||
|
||||
|
||||
3.1.2 - Bug fix
|
||||
|
||||
|
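Review bot: "legacy_compression_field" in the compression entry does not match the ClientHello field name in RFC 8446, which is legacy_compression_methods; use that name so readers can find it in the specification. In the same hunk, "tls 1.3" in the PSS entry is lowercase where other entries write "TLS 1.3". As rendered here, the line "of an IPv6 address in DTLS mode." appears twice and the certificate status entry appears in two wordings ("certificate status from the tls13 client" and "certificate status requests from the tls13 client"); confirm that the resulting file keeps only one copy of each.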