skipik001
Advanced Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] Copyright text was shrunk to a boilerplate that points to the license "shared" builds are now the default when possible Added support for "pipelining" Added the AFALG engine New threading API implemented Support for ChaCha20 and Poly1305 added to libcrypto and libssl Support for extended master secret CCM ciphersuites Reworked test suite, now based on perl, Test::Harness and Test::More *Most* libcrypto and libssl public structures were made opaque, including: BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, X509_LOOKUP_METHOD libssl internal structures made opaque SSLv2 support removed Kerberos ciphersuite support removed RC4 removed from DEFAULT ciphersuites in libssl 40 and 56 bit cipher support removed from libssl All public header files moved to include/openssl, no more symlinking SSL/TLS state machine, version negotiation and record layer rewritten EC revision: now operations use new EC_KEY_METHOD. Support for OCB mode added to libcrypto Support for asynchronous crypto operations added to libcrypto and libssl Deprecated interfaces can now be disabled at build time either relative to the latest release via the "no-deprecated" Configure argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. Application software can be compiled with -DOPENSSL_API_COMPAT=version to ensure that features deprecated in that version are not exposed. Support for RFC6698/RFC7671 DANE TLSA peer authentication Change of Configure to use --prefix as the main installation directory location rather than --openssldir. The latter becomes the directory for certs, private key and openssl.cnf exclusively. Reworked BIO networking library, with full support for IPv6. New "unified" build system New security levels Support for scrypt algorithm Support for X25519 Extended SSL_CONF support using configuration files KDF algorithm support. Implement TLS PRF as a KDF. Support for Certificate Transparency HKDF support. |