1NEWS 2==== 3 4This file gives a brief overview of the major changes between each OpenSSL 5release. For more details please read the CHANGES file. 6 7OpenSSL Releases 8---------------- 9 10 - [OpenSSL 3.1](#openssl-31) 11 - [OpenSSL 3.0](#openssl-30) 12 - [OpenSSL 1.1.1](#openssl-111) 13 - [OpenSSL 1.1.0](#openssl-110) 14 - [OpenSSL 1.0.2](#openssl-102) 15 - [OpenSSL 1.0.1](#openssl-101) 16 - [OpenSSL 1.0.0](#openssl-100) 17 - [OpenSSL 0.9.x](#openssl-09x) 18 19OpenSSL 3.1 20----------- 21 22### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development] 23 24 * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings 25 by default. 26 * TCP Fast Open (RFC7413) support is available on Linux, macOS, and FreeBSD 27 where enabled and supported. 28 * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. 29 30OpenSSL 3.0 31----------- 32 33### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] 34 35 * Fixed additional bugs in the c_rehash script which was not properly 36 sanitising shell metacharacters to prevent command injection 37 ([CVE-2022-2068]) 38 39### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022] 40 41 * Fixed a bug in the c_rehash script which was not properly sanitising shell 42 metacharacters to prevent command injection ([CVE-2022-1292]) 43 * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer 44 certificate on an OCSP response ([CVE-2022-1343]) 45 * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the 46 AAD data as the MAC key ([CVE-2022-1434]) 47 * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory 48 occuppied by the removed hash table entries ([CVE-2022-1473]) 49 50### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 51 52 * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever 53 for non-prime moduli ([CVE-2022-0778]) 54 55### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 56 57 * Fixed invalid handling of X509_verify_cert() internal errors in libssl 58 ([CVE-2021-4044]) 59 * Allow fetching an operation from the provider that owns an unexportable key 60 as a fallback if that is still allowed by the property query. 61 62### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 63 64 * Enhanced 'openssl list' with many new options. 65 * Added migration guide to man7. 66 * Implemented support for fully "pluggable" TLSv1.3 groups. 67 * Added suport for Kernel TLS (KTLS). 68 * Changed the license to the Apache License v2.0. 69 * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, 70 RC4, RC5, and DES to the legacy provider. 71 * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy 72 provider. 73 * Added convenience functions for generating asymmetric key pairs. 74 * Deprecated the `OCSP_REQ_CTX` type and functions. 75 * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. 76 * Deprecated the `RSA` and `RSA_METHOD` types and functions. 77 * Deprecated the `DSA` and `DSA_METHOD` types and functions. 78 * Deprecated the `DH` and `DH_METHOD` types and functions. 79 * Deprecated the `ERR_load_` functions. 80 * Remove the `RAND_DRBG` API. 81 * Deprecated the `ENGINE` API. 82 * Added `OSSL_LIB_CTX`, a libcrypto library context. 83 * Added various `_ex` functions to the OpenSSL API that support using 84 a non-default `OSSL_LIB_CTX`. 85 * Interactive mode is removed from the 'openssl' program. 86 * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are 87 included in the FIPS provider. 88 * X509 certificates signed using SHA1 are no longer allowed at security 89 level 1 or higher. The default security level for TLS is 1, so 90 certificates signed using SHA1 are by default no longer trusted to 91 authenticate servers or clients. 92 * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly 93 disabled; the project uses address sanitize/leak-detect instead. 94 * Added a Certificate Management Protocol (CMP, RFC 4210) implementation 95 also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). 96 It is part of the crypto lib and adds a 'cmp' app with a demo configuration. 97 All widely used CMP features are supported for both clients and servers. 98 * Added a proper HTTP client supporting GET with optional redirection, POST, 99 arbitrary request and response content types, TLS, persistent connections, 100 connections via HTTP(s) proxies, connections and exchange via user-defined 101 BIOs (allowing implicit connections), and timeout checks. 102 * Added util/check-format.pl for checking adherence to the coding guidelines. 103 * Added OSSL_ENCODER, a generic encoder API. 104 * Added OSSL_DECODER, a generic decoder API. 105 * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. 106 * Added error raising macros, ERR_raise() and ERR_raise_data(). 107 * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), 108 ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and 109 ERR_func_error_string(). 110 * Added OSSL_PROVIDER_available(), to check provider availibility. 111 * Added 'openssl mac' that uses the EVP_MAC API. 112 * Added 'openssl kdf' that uses the EVP_KDF API. 113 * Add OPENSSL_info() and 'openssl info' to get built-in data. 114 * Add support for enabling instrumentation through trace and debug 115 output. 116 * Changed our version number scheme and set the next major release to 117 3.0.0 118 * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC 119 bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305 120 and SIPHASH. 121 * Removed the heartbeat message in DTLS feature. 122 * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to 123 EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2, 124 PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF. 125 * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, 126 SHA256, SHA384, SHA512 and Whirlpool digest functions have been 127 deprecated. 128 * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, 129 RC4, RC5 and SEED cipher functions have been deprecated. 130 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions 131 have been deprecated. 132 * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, 133 except when RSA key exchange without SHA1 is used. 134 * Added providers, a new pluggability concept that will replace the 135 ENGINE API and ENGINE implementations. 136 137OpenSSL 1.1.1 138------------- 139 140### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] 141 142 * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) 143 * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) 144 145### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] 146 147 * Fixed a problem with verifying a certificate chain when using the 148 X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) 149 * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously 150 crafted renegotiation ClientHello message from a client ([CVE-2021-3449]) 151 152### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] 153 154 * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() 155 function ([CVE-2021-23841]) 156 * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING 157 padding mode to correctly check for rollback attacks 158 * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and 159 EVP_DecryptUpdate functions ([CVE-2021-23840]) 160 * Fixed SRP_Calc_client_key so that it runs in constant time 161 162### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] 163 164 * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971]) 165 166### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] 167 168 * Disallow explicit curve parameters in verifications chains when 169 X509_V_FLAG_X509_STRICT is used 170 * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS 171 contexts 172 * Oracle Developer Studio will start reporting deprecation warnings 173 174### Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] 175 176 * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967]) 177 178### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] 179 180 * Revert the unexpected EOF reporting via SSL_ERROR_SSL 181 182### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] 183 184 * Fixed an overflow bug in the x64_64 Montgomery squaring procedure 185 used in exponentiation with 512-bit moduli ([CVE-2019-1551]) 186 187### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] 188 189 * Fixed a fork protection issue ([CVE-2019-1549]) 190 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 191 ([CVE-2019-1563]) 192 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 193 used even when parsing explicit parameters 194 * Compute ECC cofactors if not provided during EC_GROUP construction 195 ([CVE-2019-1547]) 196 * Early start up entropy quality from the DEVRANDOM seed source has been 197 improved for older Linux systems 198 * Correct the extended master secret constant on EBCDIC systems 199 * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) 200 * Changed DH_check to accept parameters with order q and 2q subgroups 201 * Significantly reduce secure memory usage by the randomness pools 202 * Revert the DEVRANDOM_WAIT feature for Linux systems 203 204### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] 205 206 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) 207 208### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] 209 210 * Change the info callback signals for the start and end of a post-handshake 211 message exchange in TLSv1.3. 212 * Fix a bug in DTLS over SCTP. This breaks interoperability with older 213 versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. 214 215### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] 216 217 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 218 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) 219 220### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] 221 222 * Support for TLSv1.3 added. The TLSv1.3 implementation includes: 223 * Fully compliant implementation of RFC8446 (TLSv1.3) on by default 224 * Early data (0-RTT) 225 * Post-handshake authentication and key update 226 * Middlebox Compatibility Mode 227 * TLSv1.3 PSKs 228 * Support for all five RFC8446 ciphersuites 229 * RSA-PSS signature algorithms (backported to TLSv1.2) 230 * Configurable session ticket support 231 * Stateless server support 232 * Rewrite of the packet construction code for "safer" packet handling 233 * Rewrite of the extension handling code 234 For further important information, see the [TLS1.3 page]( 235 https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki. 236 237 * Complete rewrite of the OpenSSL random number generator to introduce the 238 following capabilities 239 * The default RAND method now utilizes an AES-CTR DRBG according to 240 NIST standard SP 800-90Ar1. 241 * Support for multiple DRBG instances with seed chaining. 242 * There is a public and private DRBG instance. 243 * The DRBG instances are fork-safe. 244 * Keep all global DRBG instances on the secure heap if it is enabled. 245 * The public and private DRBG instance are per thread for lock free 246 operation 247 * Support for various new cryptographic algorithms including: 248 * SHA3 249 * SHA512/224 and SHA512/256 250 * EdDSA (both Ed25519 and Ed448) including X509 and TLS support 251 * X448 (adding to the existing X25519 support in 1.1.0) 252 * Multi-prime RSA 253 * SM2 254 * SM3 255 * SM4 256 * SipHash 257 * ARIA (including TLS support) 258 * Significant Side-Channel attack security improvements 259 * Add a new ClientHello callback to provide the ability to adjust the SSL 260 object at an early stage. 261 * Add 'Maximum Fragment Length' TLS extension negotiation and support 262 * A new STORE module, which implements a uniform and URI based reader of 263 stores that can contain keys, certificates, CRLs and numerous other 264 objects. 265 * Move the display of configuration data to configdata.pm. 266 * Allow GNU style "make variables" to be used with Configure. 267 * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes 268 * Rewrite of devcrypto engine 269 270OpenSSL 1.1.0 271------------- 272 273### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] 274 275 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 276 ([CVE-2019-1563]) 277 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 278 used even when parsing explicit parameters 279 * Compute ECC cofactors if not provided during EC_GROUP construction 280 ([CVE-2019-1547]) 281 * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) 282 283### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] 284 285 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) 286 287### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] 288 289 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 290 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) 291 292### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] 293 294 * Client DoS due to large DH parameter ([CVE-2018-0732]) 295 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) 296 297### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] 298 299 * Constructed ASN.1 types with a recursive definition could exceed the 300 stack ([CVE-2018-0739]) 301 * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733]) 302 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) 303 304### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] 305 306 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) 307 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) 308 309### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] 310 311 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw 312 313### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] 314 315 * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733]) 316 317### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] 318 319 * Truncated packet could crash via OOB read ([CVE-2017-3731]) 320 * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730]) 321 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) 322 323### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] 324 325 * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054]) 326 * CMS Null dereference ([CVE-2016-7053]) 327 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) 328 329### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] 330 331 * Fix Use After Free for large message sizes ([CVE-2016-6309]) 332 333### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] 334 335 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) 336 * SSL_peek() hang on empty record ([CVE-2016-6305]) 337 * Excessive allocation of memory in tls_get_message_header() 338 ([CVE-2016-6307]) 339 * Excessive allocation of memory in dtls1_preprocess_fragment() 340 ([CVE-2016-6308]) 341 342### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] 343 344 * Copyright text was shrunk to a boilerplate that points to the license 345 * "shared" builds are now the default when possible 346 * Added support for "pipelining" 347 * Added the AFALG engine 348 * New threading API implemented 349 * Support for ChaCha20 and Poly1305 added to libcrypto and libssl 350 * Support for extended master secret 351 * CCM ciphersuites 352 * Reworked test suite, now based on perl, Test::Harness and Test::More 353 * *Most* libcrypto and libssl public structures were made opaque, 354 including: 355 BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, 356 DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, 357 BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, 358 EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, 359 X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, 360 X509_LOOKUP, X509_LOOKUP_METHOD 361 * libssl internal structures made opaque 362 * SSLv2 support removed 363 * Kerberos ciphersuite support removed 364 * RC4 removed from DEFAULT ciphersuites in libssl 365 * 40 and 56 bit cipher support removed from libssl 366 * All public header files moved to include/openssl, no more symlinking 367 * SSL/TLS state machine, version negotiation and record layer rewritten 368 * EC revision: now operations use new EC_KEY_METHOD. 369 * Support for OCB mode added to libcrypto 370 * Support for asynchronous crypto operations added to libcrypto and libssl 371 * Deprecated interfaces can now be disabled at build time either 372 relative to the latest release via the "no-deprecated" Configure 373 argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. 374 * Application software can be compiled with -DOPENSSL_API_COMPAT=version 375 to ensure that features deprecated in that version are not exposed. 376 * Support for RFC6698/RFC7671 DANE TLSA peer authentication 377 * Change of Configure to use --prefix as the main installation 378 directory location rather than --openssldir. The latter becomes 379 the directory for certs, private key and openssl.cnf exclusively. 380 * Reworked BIO networking library, with full support for IPv6. 381 * New "unified" build system 382 * New security levels 383 * Support for scrypt algorithm 384 * Support for X25519 385 * Extended SSL_CONF support using configuration files 386 * KDF algorithm support. Implement TLS PRF as a KDF. 387 * Support for Certificate Transparency 388 * HKDF support. 389 390OpenSSL 1.0.2 391------------- 392 393### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] 394 395 * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey 396 ([CVE-2019-1563]) 397 * For built-in EC curves, ensure an EC_GROUP built from the curve name is 398 used even when parsing explicit parameters 399 * Compute ECC cofactors if not provided during EC_GROUP construction 400 ([CVE-2019-1547]) 401 * Document issue with installation paths in diverse Windows builds 402 ([CVE-2019-1552]) 403 404### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] 405 406 * None 407 408### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] 409 410 * 0-byte record padding oracle ([CVE-2019-1559]) 411 412### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] 413 414 * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407]) 415 * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) 416 417### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] 418 419 * Client DoS due to large DH parameter ([CVE-2018-0732]) 420 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) 421 422### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] 423 424 * Constructed ASN.1 types with a recursive definition could exceed the 425 stack ([CVE-2018-0739]) 426 427### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] 428 429 * Read/write after SSL object in error state ([CVE-2017-3737]) 430 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) 431 432### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] 433 434 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) 435 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) 436 437### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] 438 439 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw 440 441### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] 442 443 * Truncated packet could crash via OOB read ([CVE-2017-3731]) 444 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) 445 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) 446 447### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] 448 449 * Missing CRL sanity check ([CVE-2016-7052]) 450 451### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] 452 453 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) 454 * SWEET32 Mitigation ([CVE-2016-2183]) 455 * OOB write in MDC2_Update() ([CVE-2016-6303]) 456 * Malformed SHA512 ticket DoS ([CVE-2016-6302]) 457 * OOB write in BN_bn2dec() ([CVE-2016-2182]) 458 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) 459 * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) 460 * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) 461 * DTLS buffered message DoS ([CVE-2016-2179]) 462 * DTLS replay protection DoS ([CVE-2016-2181]) 463 * Certificate message OOB reads ([CVE-2016-6306]) 464 465### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] 466 467 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) 468 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) 469 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) 470 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) 471 * EBCDIC overread ([CVE-2016-2176]) 472 * Modify behavior of ALPN to invoke callback after SNI/servername 473 callback, such that updates to the SSL_CTX affect ALPN. 474 * Remove LOW from the DEFAULT cipher list. This removes singles DES from 475 the default. 476 * Only remove the SSLv2 methods with the no-ssl2-method option. 477 478### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] 479 480 * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. 481 * Disable SSLv2 default build, default negotiation and weak ciphers 482 ([CVE-2016-0800]) 483 * Fix a double-free in DSA code ([CVE-2016-0705]) 484 * Disable SRP fake user seed to address a server memory leak 485 ([CVE-2016-0798]) 486 * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 487 ([CVE-2016-0797]) 488 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) 489 * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) 490 491### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] 492 493 * DH small subgroups ([CVE-2016-0701]) 494 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) 495 496### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] 497 498 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193]) 499 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) 500 * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) 501 * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs 502 * In DSA_generate_parameters_ex, if the provided seed is too short, 503 return an error 504 505### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] 506 507 * Alternate chains certificate forgery ([CVE-2015-1793]) 508 * Race condition handling PSK identify hint ([CVE-2015-3196]) 509 510### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] 511 512 * Fix HMAC ABI incompatibility 513 514### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] 515 516 * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) 517 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) 518 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) 519 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) 520 * Race condition handling NewSessionTicket ([CVE-2015-1791]) 521 522### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] 523 524 * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291]) 525 * Multiblock corrupted pointer fix ([CVE-2015-0290]) 526 * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207]) 527 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) 528 * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208]) 529 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) 530 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) 531 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) 532 * Empty CKE with client auth and DHE fix ([CVE-2015-1787]) 533 * Handshake with unseeded PRNG fix ([CVE-2015-0285]) 534 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) 535 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) 536 * Removed the export ciphers from the DEFAULT ciphers 537 538### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] 539 540 * Suite B support for TLS 1.2 and DTLS 1.2 541 * Support for DTLS 1.2 542 * TLS automatic EC curve selection. 543 * API to set TLS supported signature algorithms and curves 544 * SSL_CONF configuration API. 545 * TLS Brainpool support. 546 * ALPN support. 547 * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. 548 549OpenSSL 1.0.1 550------------- 551 552### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] 553 554 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) 555 * SWEET32 Mitigation ([CVE-2016-2183]) 556 * OOB write in MDC2_Update() ([CVE-2016-6303]) 557 * Malformed SHA512 ticket DoS ([CVE-2016-6302]) 558 * OOB write in BN_bn2dec() ([CVE-2016-2182]) 559 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) 560 * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) 561 * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) 562 * DTLS buffered message DoS ([CVE-2016-2179]) 563 * DTLS replay protection DoS ([CVE-2016-2181]) 564 * Certificate message OOB reads ([CVE-2016-6306]) 565 566### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] 567 568 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) 569 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) 570 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) 571 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) 572 * EBCDIC overread ([CVE-2016-2176]) 573 * Modify behavior of ALPN to invoke callback after SNI/servername 574 callback, such that updates to the SSL_CTX affect ALPN. 575 * Remove LOW from the DEFAULT cipher list. This removes singles DES from 576 the default. 577 * Only remove the SSLv2 methods with the no-ssl2-method option. 578 579### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] 580 581 * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. 582 * Disable SSLv2 default build, default negotiation and weak ciphers 583 ([CVE-2016-0800]) 584 * Fix a double-free in DSA code ([CVE-2016-0705]) 585 * Disable SRP fake user seed to address a server memory leak 586 ([CVE-2016-0798]) 587 * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 588 ([CVE-2016-0797]) 589 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) 590 * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) 591 592### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] 593 594 * Protection for DH small subgroup attacks 595 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) 596 597### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] 598 599 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) 600 * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) 601 * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs 602 * In DSA_generate_parameters_ex, if the provided seed is too short, 603 return an error 604 605### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] 606 607 * Alternate chains certificate forgery ([CVE-2015-1793]) 608 * Race condition handling PSK identify hint ([CVE-2015-3196]) 609 610### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] 611 612 * Fix HMAC ABI incompatibility 613 614### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] 615 616 * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) 617 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) 618 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) 619 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) 620 * Race condition handling NewSessionTicket ([CVE-2015-1791]) 621 622### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] 623 624 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) 625 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) 626 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) 627 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) 628 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) 629 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) 630 * Removed the export ciphers from the DEFAULT ciphers 631 632### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] 633 634 * Build fixes for the Windows and OpenVMS platforms 635 636### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] 637 638 * Fix for [CVE-2014-3571] 639 * Fix for [CVE-2015-0206] 640 * Fix for [CVE-2014-3569] 641 * Fix for [CVE-2014-3572] 642 * Fix for [CVE-2015-0204] 643 * Fix for [CVE-2015-0205] 644 * Fix for [CVE-2014-8275] 645 * Fix for [CVE-2014-3570] 646 647### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] 648 649 * Fix for [CVE-2014-3513] 650 * Fix for [CVE-2014-3567] 651 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) 652 * Fix for [CVE-2014-3568] 653 654### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] 655 656 * Fix for [CVE-2014-3512] 657 * Fix for [CVE-2014-3511] 658 * Fix for [CVE-2014-3510] 659 * Fix for [CVE-2014-3507] 660 * Fix for [CVE-2014-3506] 661 * Fix for [CVE-2014-3505] 662 * Fix for [CVE-2014-3509] 663 * Fix for [CVE-2014-5139] 664 * Fix for [CVE-2014-3508] 665 666### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] 667 668 * Fix for [CVE-2014-0224] 669 * Fix for [CVE-2014-0221] 670 * Fix for [CVE-2014-0198] 671 * Fix for [CVE-2014-0195] 672 * Fix for [CVE-2014-3470] 673 * Fix for [CVE-2010-5298] 674 675### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] 676 677 * Fix for [CVE-2014-0160] 678 * Add TLS padding extension workaround for broken servers. 679 * Fix for [CVE-2014-0076] 680 681### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] 682 683 * Don't include gmt_unix_time in TLS server and client random values 684 * Fix for TLS record tampering bug ([CVE-2013-4353]) 685 * Fix for TLS version checking bug ([CVE-2013-6449]) 686 * Fix for DTLS retransmission bug ([CVE-2013-6450]) 687 688### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] 689 690 * Corrected fix for ([CVE-2013-0169]) 691 692### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] 693 694 * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. 695 * Include the fips configuration module. 696 * Fix OCSP bad key DoS attack ([CVE-2013-0166]) 697 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) 698 * Fix for TLS AESNI record handling flaw ([CVE-2012-2686]) 699 700### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] 701 702 * Fix TLS/DTLS record length checking bug ([CVE-2012-2333]) 703 * Don't attempt to use non-FIPS composite ciphers in FIPS mode. 704 705### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] 706 707 * Fix compilation error on non-x86 platforms. 708 * Make FIPS capable OpenSSL ciphers work in non-FIPS mode. 709 * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 710 711### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] 712 713 * Fix for ASN1 overflow bug ([CVE-2012-2110]) 714 * Workarounds for some servers that hang on long client hellos. 715 * Fix SEGV in AES code. 716 717### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] 718 719 * TLS/DTLS heartbeat support. 720 * SCTP support. 721 * RFC 5705 TLS key material exporter. 722 * RFC 5764 DTLS-SRTP negotiation. 723 * Next Protocol Negotiation. 724 * PSS signatures in certificates, requests and CRLs. 725 * Support for password based recipient info for CMS. 726 * Support TLS v1.2 and TLS v1.1. 727 * Preliminary FIPS capability for unvalidated 2.0 FIPS module. 728 * SRP support. 729 730OpenSSL 1.0.0 731------------- 732 733### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] 734 735 * X509_ATTRIBUTE memory leak (([CVE-2015-3195])) 736 * Race condition handling PSK identify hint ([CVE-2015-3196]) 737 738### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] 739 740 * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) 741 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) 742 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) 743 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) 744 * Race condition handling NewSessionTicket ([CVE-2015-1791]) 745 746### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] 747 748 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) 749 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) 750 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) 751 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) 752 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) 753 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) 754 * Removed the export ciphers from the DEFAULT ciphers 755 756### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] 757 758 * Build fixes for the Windows and OpenVMS platforms 759 760### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] 761 762 * Fix for [CVE-2014-3571] 763 * Fix for [CVE-2015-0206] 764 * Fix for [CVE-2014-3569] 765 * Fix for [CVE-2014-3572] 766 * Fix for [CVE-2015-0204] 767 * Fix for [CVE-2015-0205] 768 * Fix for [CVE-2014-8275] 769 * Fix for [CVE-2014-3570] 770 771### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] 772 773 * Fix for [CVE-2014-3513] 774 * Fix for [CVE-2014-3567] 775 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) 776 * Fix for [CVE-2014-3568] 777 778### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] 779 780 * Fix for [CVE-2014-3510] 781 * Fix for [CVE-2014-3507] 782 * Fix for [CVE-2014-3506] 783 * Fix for [CVE-2014-3505] 784 * Fix for [CVE-2014-3509] 785 * Fix for [CVE-2014-3508] 786 787 Known issues in OpenSSL 1.0.0m: 788 789 * EAP-FAST and other applications using tls_session_secret_cb 790 won't resume sessions. Fixed in 1.0.0n-dev 791 * Compilation failure of s3_pkt.c on some platforms due to missing 792 `<limits.h>` include. Fixed in 1.0.0n-dev 793 794### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] 795 796 * Fix for [CVE-2014-0224] 797 * Fix for [CVE-2014-0221] 798 * Fix for [CVE-2014-0198] 799 * Fix for [CVE-2014-0195] 800 * Fix for [CVE-2014-3470] 801 * Fix for [CVE-2014-0076] 802 * Fix for [CVE-2010-5298] 803 804### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] 805 806 * Fix for DTLS retransmission bug ([CVE-2013-6450]) 807 808### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] 809 810 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) 811 * Fix OCSP bad key DoS attack ([CVE-2013-0166]) 812 813### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] 814 815 * Fix DTLS record length checking bug ([CVE-2012-2333]) 816 817### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] 818 819 * Fix for ASN1 overflow bug ([CVE-2012-2110]) 820 821### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] 822 823 * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884]) 824 * Corrected fix for ([CVE-2011-4619]) 825 * Various DTLS fixes. 826 827### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] 828 829 * Fix for DTLS DoS issue ([CVE-2012-0050]) 830 831### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] 832 833 * Fix for DTLS plaintext recovery attack ([CVE-2011-4108]) 834 * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576]) 835 * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619]) 836 * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027]) 837 * Check for malformed RFC3779 data ([CVE-2011-4577]) 838 839### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] 840 841 * Fix for CRL vulnerability issue ([CVE-2011-3207]) 842 * Fix for ECDH crashes ([CVE-2011-3210]) 843 * Protection against EC timing attacks. 844 * Support ECDH ciphersuites for certificates using SHA2 algorithms. 845 * Various DTLS fixes. 846 847### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] 848 849 * Fix for security issue ([CVE-2011-0014]) 850 851### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] 852 853 * Fix for security issue ([CVE-2010-4180]) 854 * Fix for ([CVE-2010-4252]) 855 * Fix mishandling of absent EC point format extension. 856 * Fix various platform compilation issues. 857 * Corrected fix for security issue ([CVE-2010-3864]). 858 859### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] 860 861 * Fix for security issue ([CVE-2010-3864]). 862 * Fix for ([CVE-2010-2939]) 863 * Fix WIN32 build system for GOST ENGINE. 864 865### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] 866 867 * Fix for security issue ([CVE-2010-1633]). 868 * GOST MAC and CFB fixes. 869 870### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] 871 872 * RFC3280 path validation: sufficient to process PKITS tests. 873 * Integrated support for PVK files and keyblobs. 874 * Change default private key format to PKCS#8. 875 * CMS support: able to process all examples in RFC4134 876 * Streaming ASN1 encode support for PKCS#7 and CMS. 877 * Multiple signer and signer add support for PKCS#7 and CMS. 878 * ASN1 printing support. 879 * Whirlpool hash algorithm added. 880 * RFC3161 time stamp support. 881 * New generalised public key API supporting ENGINE based algorithms. 882 * New generalised public key API utilities. 883 * New ENGINE supporting GOST algorithms. 884 * SSL/TLS GOST ciphersuite support. 885 * PKCS#7 and CMS GOST support. 886 * RFC4279 PSK ciphersuite support. 887 * Supported points format extension for ECC ciphersuites. 888 * ecdsa-with-SHA224/256/384/512 signature types. 889 * dsa-with-SHA224 and dsa-with-SHA256 signature types. 890 * Opaque PRF Input TLS extension support. 891 * Updated time routines to avoid OS limitations. 892 893OpenSSL 0.9.x 894------------- 895 896### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] 897 898 * CFB cipher definition fixes. 899 * Fix security issues [CVE-2010-0740] and [CVE-2010-0433]. 900 901### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] 902 903 * Cipher definition fixes. 904 * Workaround for slow RAND_poll() on some WIN32 versions. 905 * Remove MD2 from algorithm tables. 906 * SPKAC handling fixes. 907 * Support for RFC5746 TLS renegotiation extension. 908 * Compression memory leak fixed. 909 * Compression session resumption fixed. 910 * Ticket and SNI coexistence fixes. 911 * Many fixes to DTLS handling. 912 913### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] 914 915 * Temporary work around for [CVE-2009-3555]: disable renegotiation. 916 917### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] 918 919 * Fix various build issues. 920 * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789] 921 922### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] 923 924 * Fix security issue ([CVE-2008-5077]) 925 * Merge FIPS 140-2 branch code. 926 927### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] 928 929 * CryptoAPI ENGINE support. 930 * Various precautionary measures. 931 * Fix for bugs affecting certificate request creation. 932 * Support for local machine keyset attribute in PKCS#12 files. 933 934### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] 935 936 * Backport of CMS functionality to 0.9.8. 937 * Fixes for bugs introduced with 0.9.8f. 938 939### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] 940 941 * Add gcc 4.2 support. 942 * Add support for AES and SSE2 assembly language optimization 943 for VC++ build. 944 * Support for RFC4507bis and server name extensions if explicitly 945 selected at compile time. 946 * DTLS improvements. 947 * RFC4507bis support. 948 * TLS Extensions support. 949 950### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] 951 952 * Various ciphersuite selection fixes. 953 * RFC3779 support. 954 955### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] 956 957 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) 958 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] 959 * Changes to ciphersuite selection algorithm 960 961### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] 962 963 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] 964 * New cipher Camellia 965 966### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] 967 968 * Cipher string fixes. 969 * Fixes for VC++ 2005. 970 * Updated ECC cipher suite support. 971 * New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). 972 * Zlib compression usage fixes. 973 * Built in dynamic engine compilation support on Win32. 974 * Fixes auto dynamic engine loading in Win32. 975 976### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] 977 978 * Fix potential SSL 2.0 rollback ([CVE-2005-2969]) 979 * Extended Windows CE support 980 981### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] 982 983 * Major work on the BIGNUM library for higher efficiency and to 984 make operations more streamlined and less contradictory. This 985 is the result of a major audit of the BIGNUM library. 986 * Addition of BIGNUM functions for fields GF(2^m) and NIST 987 curves, to support the Elliptic Crypto functions. 988 * Major work on Elliptic Crypto; ECDH and ECDSA added, including 989 the use through EVP, X509 and ENGINE. 990 * New ASN.1 mini-compiler that's usable through the OpenSSL 991 configuration file. 992 * Added support for ASN.1 indefinite length constructed encoding. 993 * New PKCS#12 'medium level' API to manipulate PKCS#12 files. 994 * Complete rework of shared library construction and linking 995 programs with shared or static libraries, through a separate 996 Makefile.shared. 997 * Rework of the passing of parameters from one Makefile to another. 998 * Changed ENGINE framework to load dynamic engine modules 999 automatically from specifically given directories. 1000 * New structure and ASN.1 functions for CertificatePair. 1001 * Changed the ZLIB compression method to be stateful. 1002 * Changed the key-generation and primality testing "progress" 1003 mechanism to take a structure that contains the ticker 1004 function and an argument. 1005 * New engine module: GMP (performs private key exponentiation). 1006 * New engine module: VIA PadLOck ACE extension in VIA C3 1007 Nehemiah processors. 1008 * Added support for IPv6 addresses in certificate extensions. 1009 See RFC 1884, section 2.2. 1010 * Added support for certificate policy mappings, policy 1011 constraints and name constraints. 1012 * Added support for multi-valued AVAs in the OpenSSL 1013 configuration file. 1014 * Added support for multiple certificates with the same subject 1015 in the 'openssl ca' index file. 1016 * Make it possible to create self-signed certificates using 1017 'openssl ca -selfsign'. 1018 * Make it possible to generate a serial number file with 1019 'openssl ca -create_serial'. 1020 * New binary search functions with extended functionality. 1021 * New BUF functions. 1022 * New STORE structure and library to provide an interface to all 1023 sorts of data repositories. Supports storage of public and 1024 private keys, certificates, CRLs, numbers and arbitrary blobs. 1025 This library is unfortunately unfinished and unused within 1026 OpenSSL. 1027 * New control functions for the error stack. 1028 * Changed the PKCS#7 library to support one-pass S/MIME 1029 processing. 1030 * Added the possibility to compile without old deprecated 1031 functionality with the OPENSSL_NO_DEPRECATED macro or the 1032 'no-deprecated' argument to the config and Configure scripts. 1033 * Constification of all ASN.1 conversion functions, and other 1034 affected functions. 1035 * Improved platform support for PowerPC. 1036 * New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). 1037 * New X509_VERIFY_PARAM structure to support parameterisation 1038 of X.509 path validation. 1039 * Major overhaul of RC4 performance on Intel P4, IA-64 and 1040 AMD64. 1041 * Changed the Configure script to have some algorithms disabled 1042 by default. Those can be explicitly enabled with the new 1043 argument form 'enable-xxx'. 1044 * Change the default digest in 'openssl' commands from MD5 to 1045 SHA-1. 1046 * Added support for DTLS. 1047 * New BIGNUM blinding. 1048 * Added support for the RSA-PSS encryption scheme 1049 * Added support for the RSA X.931 padding. 1050 * Added support for BSD sockets on NetWare. 1051 * Added support for files larger than 2GB. 1052 * Added initial support for Win64. 1053 * Added alternate pkg-config files. 1054 1055### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] 1056 1057 * FIPS 1.1.1 module linking. 1058 * Various ciphersuite selection fixes. 1059 1060### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] 1061 1062 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) 1063 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] 1064 1065### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] 1066 1067 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] 1068 1069### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] 1070 1071 * Visual C++ 2005 fixes. 1072 * Update Windows build system for FIPS. 1073 1074### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] 1075 1076 * Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. 1077 1078### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] 1079 1080 * Fix SSL 2.0 Rollback ([CVE-2005-2969]) 1081 * Allow use of fixed-length exponent on DSA signing 1082 * Default fixed-window RSA, DSA, DH private-key operations 1083 1084### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] 1085 1086 * More compilation issues fixed. 1087 * Adaptation to more modern Kerberos API. 1088 * Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. 1089 * Enhanced x86_64 assembler BIGNUM module. 1090 * More constification. 1091 * Added processing of proxy certificates (RFC 3820). 1092 1093### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] 1094 1095 * Several compilation issues fixed. 1096 * Many memory allocation failure checks added. 1097 * Improved comparison of X509 Name type. 1098 * Mandatory basic checks on certificates. 1099 * Performance improvements. 1100 1101### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] 1102 1103 * Fix race condition in CRL checking code. 1104 * Fixes to PKCS#7 (S/MIME) code. 1105 1106### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] 1107 1108 * Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug 1109 * Security: Fix null-pointer assignment in do_change_cipher_spec() 1110 * Allow multiple active certificates with same subject in CA index 1111 * Multiple X509 verification fixes 1112 * Speed up HMAC and other operations 1113 1114### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] 1115 1116 * Security: fix various ASN1 parsing bugs. 1117 * New -ignore_err option to OCSP utility. 1118 * Various interop and bug fixes in S/MIME code. 1119 * SSL/TLS protocol fix for unrequested client certificates. 1120 1121### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] 1122 1123 * Security: counter the Klima-Pokorny-Rosa extension of 1124 Bleichbacher's attack 1125 * Security: make RSA blinding default. 1126 * Configuration: Irix fixes, AIX fixes, better mingw support. 1127 * Support for new platforms: linux-ia64-ecc. 1128 * Build: shared library support fixes. 1129 * ASN.1: treat domainComponent correctly. 1130 * Documentation: fixes and additions. 1131 1132### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] 1133 1134 * Security: Important security related bugfixes. 1135 * Enhanced compatibility with MIT Kerberos. 1136 * Can be built without the ENGINE framework. 1137 * IA32 assembler enhancements. 1138 * Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. 1139 * Configuration: the no-err option now works properly. 1140 * SSL/TLS: now handles manual certificate chain building. 1141 * SSL/TLS: certain session ID malfunctions corrected. 1142 1143### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] 1144 1145 * New library section OCSP. 1146 * Complete rewrite of ASN1 code. 1147 * CRL checking in verify code and openssl utility. 1148 * Extension copying in 'ca' utility. 1149 * Flexible display options in 'ca' utility. 1150 * Provisional support for international characters with UTF8. 1151 * Support for external crypto devices ('engine') is no longer 1152 a separate distribution. 1153 * New elliptic curve library section. 1154 * New AES (Rijndael) library section. 1155 * Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, 1156 Linux x86_64, Linux 64-bit on Sparc v9 1157 * Extended support for some platforms: VxWorks 1158 * Enhanced support for shared libraries. 1159 * Now only builds PIC code when shared library support is requested. 1160 * Support for pkg-config. 1161 * Lots of new manuals. 1162 * Makes symbolic links to or copies of manuals to cover all described 1163 functions. 1164 * Change DES API to clean up the namespace (some applications link also 1165 against libdes providing similar functions having the same name). 1166 Provide macros for backward compatibility (will be removed in the 1167 future). 1168 * Unify handling of cryptographic algorithms (software and engine) 1169 to be available via EVP routines for asymmetric and symmetric ciphers. 1170 * NCONF: new configuration handling routines. 1171 * Change API to use more 'const' modifiers to improve error checking 1172 and help optimizers. 1173 * Finally remove references to RSAref. 1174 * Reworked parts of the BIGNUM code. 1175 * Support for new engines: Broadcom ubsec, Accelerated Encryption 1176 Processing, IBM 4758. 1177 * A few new engines added in the demos area. 1178 * Extended and corrected OID (object identifier) table. 1179 * PRNG: query at more locations for a random device, automatic query for 1180 EGD style random sources at several locations. 1181 * SSL/TLS: allow optional cipher choice according to server's preference. 1182 * SSL/TLS: allow server to explicitly set new session ids. 1183 * SSL/TLS: support Kerberos cipher suites (RFC2712). 1184 Only supports MIT Kerberos for now. 1185 * SSL/TLS: allow more precise control of renegotiations and sessions. 1186 * SSL/TLS: add callback to retrieve SSL/TLS messages. 1187 * SSL/TLS: support AES cipher suites (RFC3268). 1188 1189### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] 1190 1191 * Security: fix various ASN1 parsing bugs. 1192 * SSL/TLS protocol fix for unrequested client certificates. 1193 1194### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] 1195 1196 * Security: counter the Klima-Pokorny-Rosa extension of 1197 Bleichbacher's attack 1198 * Security: make RSA blinding default. 1199 * Build: shared library support fixes. 1200 1201### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] 1202 1203 * Important security related bugfixes. 1204 1205### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] 1206 1207 * New configuration targets for Tandem OSS and A/UX. 1208 * New OIDs for Microsoft attributes. 1209 * Better handling of SSL session caching. 1210 * Better comparison of distinguished names. 1211 * Better handling of shared libraries in a mixed GNU/non-GNU environment. 1212 * Support assembler code with Borland C. 1213 * Fixes for length problems. 1214 * Fixes for uninitialised variables. 1215 * Fixes for memory leaks, some unusual crashes and some race conditions. 1216 * Fixes for smaller building problems. 1217 * Updates of manuals, FAQ and other instructive documents. 1218 1219### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] 1220 1221 * Important building fixes on Unix. 1222 1223### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] 1224 1225 * Various important bugfixes. 1226 1227### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] 1228 1229 * Important security related bugfixes. 1230 * Various SSL/TLS library bugfixes. 1231 1232### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] 1233 1234 * Various SSL/TLS library bugfixes. 1235 * Fix DH parameter generation for 'non-standard' generators. 1236 1237### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] 1238 1239 * Various SSL/TLS library bugfixes. 1240 * BIGNUM library fixes. 1241 * RSA OAEP and random number generation fixes. 1242 * Object identifiers corrected and added. 1243 * Add assembler BN routines for IA64. 1244 * Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, 1245 MIPS Linux; shared library support for Irix, HP-UX. 1246 * Add crypto accelerator support for AEP, Baltimore SureWare, 1247 Broadcom and Cryptographic Appliance's keyserver 1248 [in 0.9.6c-engine release]. 1249 1250### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] 1251 1252 * Security fix: PRNG improvements. 1253 * Security fix: RSA OAEP check. 1254 * Security fix: Reinsert and fix countermeasure to Bleichbacher's 1255 attack. 1256 * MIPS bug fix in BIGNUM. 1257 * Bug fix in "openssl enc". 1258 * Bug fix in X.509 printing routine. 1259 * Bug fix in DSA verification routine and DSA S/MIME verification. 1260 * Bug fix to make PRNG thread-safe. 1261 * Bug fix in RAND_file_name(). 1262 * Bug fix in compatibility mode trust settings. 1263 * Bug fix in blowfish EVP. 1264 * Increase default size for BIO buffering filter. 1265 * Compatibility fixes in some scripts. 1266 1267### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] 1268 1269 * Security fix: change behavior of OpenSSL to avoid using 1270 environment variables when running as root. 1271 * Security fix: check the result of RSA-CRT to reduce the 1272 possibility of deducing the private key from an incorrectly 1273 calculated signature. 1274 * Security fix: prevent Bleichenbacher's DSA attack. 1275 * Security fix: Zero the premaster secret after deriving the 1276 master secret in DH ciphersuites. 1277 * Reimplement SSL_peek(), which had various problems. 1278 * Compatibility fix: the function des_encrypt() renamed to 1279 des_encrypt1() to avoid clashes with some Unixen libc. 1280 * Bug fixes for Win32, HP/UX and Irix. 1281 * Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and 1282 memory checking routines. 1283 * Bug fixes for RSA operations in threaded environments. 1284 * Bug fixes in misc. openssl applications. 1285 * Remove a few potential memory leaks. 1286 * Add tighter checks of BIGNUM routines. 1287 * Shared library support has been reworked for generality. 1288 * More documentation. 1289 * New function BN_rand_range(). 1290 * Add "-rand" option to openssl s_client and s_server. 1291 1292### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] 1293 1294 * Some documentation for BIO and SSL libraries. 1295 * Enhanced chain verification using key identifiers. 1296 * New sign and verify options to 'dgst' application. 1297 * Support for DER and PEM encoded messages in 'smime' application. 1298 * New 'rsautl' application, low-level RSA utility. 1299 * MD4 now included. 1300 * Bugfix for SSL rollback padding check. 1301 * Support for external crypto devices [1]. 1302 * Enhanced EVP interface. 1303 1304 [1] The support for external crypto devices is currently a separate 1305 distribution. See the file README-Engine.md. 1306 1307### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] 1308 1309 * Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 1310 * Shared library support for HPUX and Solaris-gcc 1311 * Support of Linux/IA64 1312 * Assembler support for Mingw32 1313 * New 'rand' application 1314 * New way to check for existence of algorithms from scripts 1315 1316### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] 1317 1318 * S/MIME support in new 'smime' command 1319 * Documentation for the OpenSSL command line application 1320 * Automation of 'req' application 1321 * Fixes to make s_client, s_server work under Windows 1322 * Support for multiple fieldnames in SPKACs 1323 * New SPKAC command line utility and associated library functions 1324 * Options to allow passwords to be obtained from various sources 1325 * New public key PEM format and options to handle it 1326 * Many other fixes and enhancements to command line utilities 1327 * Usable certificate chain verification 1328 * Certificate purpose checking 1329 * Certificate trust settings 1330 * Support of authority information access extension 1331 * Extensions in certificate requests 1332 * Simplified X509 name and attribute routines 1333 * Initial (incomplete) support for international character sets 1334 * New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD 1335 * Read only memory BIOs and simplified creation function 1336 * TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 1337 record; allow fragmentation and interleaving of handshake and other 1338 data 1339 * TLS/SSL code now "tolerates" MS SGC 1340 * Work around for Netscape client certificate hang bug 1341 * RSA_NULL option that removes RSA patent code but keeps other 1342 RSA functionality 1343 * Memory leak detection now allows applications to add extra information 1344 via a per-thread stack 1345 * PRNG robustness improved 1346 * EGD support 1347 * BIGNUM library bug fixes 1348 * Faster DSA parameter generation 1349 * Enhanced support for Alpha Linux 1350 * Experimental macOS support 1351 1352### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] 1353 1354 * Transparent support for PKCS#8 format private keys: these are used 1355 by several software packages and are more secure than the standard 1356 form 1357 * PKCS#5 v2.0 implementation 1358 * Password callbacks have a new void * argument for application data 1359 * Avoid various memory leaks 1360 * New pipe-like BIO that allows using the SSL library when actual I/O 1361 must be handled by the application (BIO pair) 1362 1363### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] 1364 1365 * Lots of enhancements and cleanups to the Configuration mechanism 1366 * RSA OEAP related fixes 1367 * Added "openssl ca -revoke" option for revoking a certificate 1368 * Source cleanups: const correctness, type-safe stacks and ASN.1 SETs 1369 * Source tree cleanups: removed lots of obsolete files 1370 * Thawte SXNet, certificate policies and CRL distribution points 1371 extension support 1372 * Preliminary (experimental) S/MIME support 1373 * Support for ASN.1 UTF8String and VisibleString 1374 * Full integration of PKCS#12 code 1375 * Sparc assembler bignum implementation, optimized hash functions 1376 * Option to disable selected ciphers 1377 1378### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] 1379 1380 * Fixed a security hole related to session resumption 1381 * Fixed RSA encryption routines for the p < q case 1382 * "ALL" in cipher lists now means "everything except NULL ciphers" 1383 * Support for Triple-DES CBCM cipher 1384 * Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA 1385 * First support for new TLSv1 ciphers 1386 * Added a few new BIOs (syslog BIO, reliable BIO) 1387 * Extended support for DSA certificate/keys. 1388 * Extended support for Certificate Signing Requests (CSR) 1389 * Initial support for X.509v3 extensions 1390 * Extended support for compression inside the SSL record layer 1391 * Overhauled Win32 builds 1392 * Cleanups and fixes to the Big Number (BN) library 1393 * Support for ASN.1 GeneralizedTime 1394 * Splitted ASN.1 SETs from SEQUENCEs 1395 * ASN1 and PEM support for Netscape Certificate Sequences 1396 * Overhauled Perl interface 1397 * Lots of source tree cleanups. 1398 * Lots of memory leak fixes. 1399 * Lots of bug fixes. 1400 1401### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] 1402 1403 * Integration of the popular NO_RSA/NO_DSA patches 1404 * Initial support for compression inside the SSL record layer 1405 * Added BIO proxy and filtering functionality 1406 * Extended Big Number (BN) library 1407 * Added RIPE MD160 message digest 1408 * Added support for RC2/64bit cipher 1409 * Extended ASN.1 parser routines 1410 * Adjustments of the source tree for CVS 1411 * Support for various new platforms 1412 1413<!-- Links --> 1414 1415[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 1416[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 1417[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 1418[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 1419[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 1420[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 1421[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 1422[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 1423[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 1424[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 1425[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 1426[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 1427[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 1428[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 1429[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 1430[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 1431[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 1432[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 1433[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 1434[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 1435[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 1436[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 1437[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 1438[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 1439[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 1440[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 1441[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 1442[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 1443[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 1444[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 1445[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 1446[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 1447[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 1448[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 1449[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 1450[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 1451[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 1452[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 1453[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 1454[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 1455[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 1456[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 1457[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 1458[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 1459[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 1460[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 1461[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 1462[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 1463[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 1464[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 1465[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 1466[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 1467[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 1468[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 1469[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 1470[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 1471[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 1472[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 1473[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 1474[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 1475[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 1476[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 1477[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 1478[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 1479[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 1480[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 1481[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 1482[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 1483[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 1484[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 1485[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 1486[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 1487[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 1488[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 1489[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 1490[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 1491[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 1492[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 1493[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 1494[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 1495[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 1496[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 1497[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 1498[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 1499[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 1500[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 1501[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 1502[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 1503[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 1504[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 1505[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 1506[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 1507[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 1508[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 1509[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 1510[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 1511[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 1512[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 1513[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 1514[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 1515[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 1516[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 1517[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198 1518[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 1519[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 1520[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 1521[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 1522[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449 1523[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 1524[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 1525[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 1526[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 1527[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 1528[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 1529[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 1530[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 1531[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 1532[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 1533[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 1534[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 1535[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 1536[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 1537[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 1538[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 1539[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298 1540[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 1541[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 1542[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 1543[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939 1544[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 1545[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 1546[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 1547[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 1548[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 1549[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 1550[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 1551[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 1552[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 1553[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 1554[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737 1555[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 1556[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 1557[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 1558