Opened 5 years ago
Closed 5 years ago
#4346 closed task (fixed)
|Reported by:||Bruce Dubbs||Owned by:||lfs-book|
New point version.
Change History (2)
comment:1 by , 5 years ago
- Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 for further important information). The TLSv1.3 implementation includes:
  - Fully compliant implementation of RFC8446 (TLSv1.3) on by default
  - Early data (0-RTT)
  - Post-handshake authentication and key update
  - Middlebox Compatibility Mode
  - TLSv1.3 PSKs
  - Support for all five RFC8446 ciphersuites
  - RSA-PSS signature algorithms (backported to TLSv1.2)
  - Configurable session ticket support
  - Stateless server support
  - Rewrite of the packet construction code for "safer" packet handling
  - Rewrite of the extension handling code
- Complete rewrite of the OpenSSL random number generator to introduce the
  - The default RAND method now utilizes an AES-CTR DRBG according to NIST standard SP 800-90Ar1.
  - Support for multiple DRBG instances with seed chaining.
  - There is a public and private DRBG instance.
  - The DRBG instances are fork-safe.
  - Keep all global DRBG instances on the secure heap if it is enabled.
  - The public and private DRBG instance are per thread for lock free operation
- Support for various new cryptographic algorithms including:
  - SHA512/224 and SHA512/256
  - EdDSA (both Ed25519 and Ed448) including X509 and TLS support
  - X448 (adding to the existing X25519 support in 1.1.0)
  - Multi-prime RSA
  - ARIA (including TLS support)
- Significant Side-Channel attack security improvements
- Add a new ClientHello callback to provide the ability to adjust the SSL object at an early stage.
- Add 'Maximum Fragment Length' TLS extension negotiation and support
- A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other objects.
- Move the display of configuration data to configdata.pm.
- Allow GNU style "make variables" to be used with Configure.
- Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
- Rewrite of devcrypto engine
comment:2 by , 5 years ago
|Status:||new → closed|
Fixed at revision 11472.