OpenSSL 1.0.0 Branch Release notes
The major changes and known issues for the 1.0.0 branch of the OpenSSL
toolkit are summarised below. The contents reflect the current state of the
NEWS file inside the git repository.
Additional details of changes can be found in the
The complete list of changes can be found in the
Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [under development]
Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015]
Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015]
Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015]
- Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
- ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
- PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
- DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
- Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
- X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
- Removed the export ciphers from the DEFAULT ciphers
Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015]
Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014]
Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014]
Known issues in OpenSSL 1.0.0m:
- Build fixes for the Windows and OpenVMS platforms
Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014]
Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
- EAP-FAST and other applications using tls_session_secret_cb
wont resume sessions. Fixed in 1.0.0n-dev
- Compilation failure of s3_pkt.c on some platforms due to missing
<limits.h> include. Fixed in 1.0.0n-dev
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
- Fix for CRL vulnerability issue CVE-2011-3207
- Fix for ECDH crashes CVE-2011-3210
- Protection against EC timing attacks.
- Support ECDH ciphersuites for certificates using SHA2 algorithms.
- Various DTLS fixes.
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
- Fix for security issue CVE-2010-4180
- Fix for CVE-2010-4252
- Fix mishandling of absent EC point format extension.
- Fix various platform compilation issues.
- Corrected fix for security issue CVE-2010-3864.
- RFC3280 path validation: sufficient to process PKITS tests.
- Integrated support for PVK files and keyblobs.
- Change default private key format to PKCS#8.
- CMS support: able to process all examples in RFC4134
- Streaming ASN1 encode support for PKCS#7 and CMS.
- Multiple signer and signer add support for PKCS#7 and CMS.
- ASN1 printing support.
- Whirlpool hash algorithm added.
- RFC3161 time stamp support.
- New generalised public key API supporting ENGINE based algorithms.
- New generalised public key API utilities.
- New ENGINE supporting GOST algorithms.
- SSL/TLS GOST ciphersuite support.
- PKCS#7 and CMS GOST support.
- RFC4279 PSK ciphersuite support.
- Supported points format extension for ECC ciphersuites.
- ecdsa-with-SHA224/256/384/512 signature types.
- dsa-with-SHA224 and dsa-with-SHA256 signature types.
- Opaque PRF Input TLS extension support.
- Updated time routines to avoid OS limitations.