search

michaellukashov / Far-NetBox

SFTP/SCP/FTP/FTPS/WebDAV/S3 client for Far Manager 3 (http://farmanager.com/)
https://forum.farmanager.com/viewtopic.php?t=6317
GNU General Public License v2.0
159 stars 52 forks source link

OpenSSL v1.1.0 #212

Closed VictorVG closed 7 years ago

VictorVG commented 8 years ago

Смотрю а 25.08.2016 выпустили OpenSSL 1.1.0 и судя по changelog изменений там очень много - у меня только выписка из него со списком изменений в версии 1.1.0 после версии 1.0.2h - news.txt насчитывает 170 изменений. Думаю надо всё проверять...

Вот основные:

Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]

  o Copyright text was shrunk to a boilerplate that points to the license
  o "shared" builds are now the default when possible
  o Added support for "pipelining"
  o Added the AFALG engine
  o New threading API implemented
  o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
  o Support for extended master secret
  o CCM ciphersuites
  o Reworked test suite, now based on perl, Test::Harness and Test::More
  o *Most* libcrypto and libssl public structures were made opaque,
    including:
    BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
    DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
    BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
    EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
    X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
    X509_LOOKUP, X509_LOOKUP_METHOD
  o libssl internal structures made opaque
  o SSLv2 support removed
  o Kerberos ciphersuite support removed
  o RC4 removed from DEFAULT ciphersuites in libssl
  o 40 and 56 bit cipher support removed from libssl
  o All public header files moved to include/openssl, no more symlinking
  o SSL/TLS state machine, version negotiation and record layer rewritten
  o EC revision: now operations use new EC_KEY_METHOD.
  o Support for OCB mode added to libcrypto
  o Support for asynchronous crypto operations added to libcrypto and libssl
  o Deprecated interfaces can now be disabled at build time either
    relative to the latest release via the "no-deprecated" Configure
    argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
  o Application software can be compiled with -DOPENSSL_API_COMPAT=version
    to ensure that features deprecated in that version are not exposed.
  o Support for RFC6698/RFC7671 DANE TLSA peer authentication
  o Change of Configure to use --prefix as the main installation
    directory location rather than --openssldir.  The latter becomes
    the directory for certs, private key and openssl.cnf exclusively.
  o Reworked BIO networking library, with full support for IPv6.
  o New "unified" build system
  o New security levels
  o Support for scrypt algorithm
  o Support for X25519
  o Extended SSL_CONF support using configuration files
  o KDF algorithm support. Implement TLS PRF as a KDF.
  o Support for Certificate Transparency
  o HKDF support.