Re: OpenSSL 1.0.1 released
On 3/14/2012 12:27 PM, Bruce Stephens wrote: open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. Recall, you can patch around the OpenSSL project compilation. You cannot patch around the OpenSSL/FIPS 2.0[future] package compilation. So this issue probably isn't fatal. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and bugfix only, no new features. E.g. 1.0.0-1.0.0a Changes to last number: new ABI compatible features. E.g. 1.0.0-1.0.1 Changes to middle number: major release, ABI compatibility not guaranteed. E.g. 1.0.0-1.1.0 btw, are there any plans to use symbol versioning on systems that support it? cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Thursday 15 March 2012 03:19:07 Ludwig Nussel wrote: Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and bugfix only, no new features. E.g. 1.0.0-1.0.0a Changes to last number: new ABI compatible features. E.g. 1.0.0-1.0.1 Changes to middle number: major release, ABI compatibility not guaranteed. E.g. 1.0.0-1.1.0 btw, are there any plans to use symbol versioning on systems that support it? as long as it's backwards compatible in the minor versions, symbol versioning isn't necessary. if you want to do across 1.x, then you'd prob need symbol versioning, but getting past minor version incompatibles is a huge improvement. -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
William A. Rowe Jr. wr...@rowe-clan.net writes: On 3/14/2012 12:27 PM, Bruce Stephens wrote: open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. Recall, you can patch around the OpenSSL project compilation. You cannot patch around the OpenSSL/FIPS 2.0[future] package compilation. So this issue probably isn't fatal. Of course, I understand that and we do patch OpenSSL for such issues. So it's not a brown paper bag issue by any means and 1.0.1a seems quite appropriate. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: OpenSSL 1.0.1 released
Hello, Thank you very much for 1.0.1 release. It builds and works perfect on OpenVMS Alpha and IA64 architectures - as long I could test it. Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is sill not solved. Thank you. Regards, Z -Original Message- From: OpenSSL [mailto:open...@master.openssl.org] Sent: den 14 mars 2012 16:09 To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Subject: OpenSSL 1.0.1 released -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1 released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1 of our open source toolkit for SSL/TLS. This new OpenSSL version is a new feature release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1.tar.gz Size: 4453920 MD5 checksum: 134f168bc2a8333f19f81d684841710b SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907 The checksums were calculated using the following commands: openssl md5 openssl-1.0.1.tar.gz openssl sha1 openssl-1.0.1.tar.gz Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBT2CkBKLSm3vylcdZAQJv6wgAmrvhkXBB0rOI2Yt5YkgShq7BqqogFJk7 TBCHP6gR133L08e+WibwLc3HZS8eU2oAyyOYjBiTjO2Dyg5jkkslku2pyX9R8iZd vb0k/ZTuzmNO/6dDYwejbYdLjrPmTKWrcofa9GooWhiFBOzi3fbY0pAIWjHBoY07 LK8HxVzqQ+v/fg3ingqNpD5qJ6y13i4S8wzMPRL/4ox3evRSsEZ2ZTRqCfxwIbQk hZHfNL2sCZ+i/BoPKYxezhRweftDKQJtAm17femzymbQ0NVZfKi2i4kcd0GXS4Ow eaeMwpXdAGDGcj/HzaqxH1lEkKDQB+H9fo9MT2gqawjntiRt6K/oyQ== =yHMc -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is sill not solved. http://www.mail-archive.com/openssl-dev@openssl.org/msg29956.html __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f What is producing that warning? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, 2012-03-14 at 19:36 +0100, Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f What is producing that warning? This is a problem of the applications (OpenSSH, postgresql,) that do not expect different versions of openssl to be ABI compatible. They compare the version that they were compiled against to the version reported by the library. They usually ignore only the patch level number (abcde...). We had to patch the version number in the library to stay constant. I suppose these applications should have the version check removed as it is not guaranteed to work anyway as the ABI of openssl depends also on the compiled-in ciphers and other compile time options. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 14:36:09 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f What is producing that warning? $ ssh-keygen -l OpenSSL version mismatch. Built against 105f, you have 1000100f -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f As far as I know, we disabled most such checks in Debian because they're not really useful. I can change the ABI without changing the version, or have the same ABI with a different version. If it's not compatible the soname should have changed. The appliation shouldn't go and second guess that it's really compatible or not. And if the soname stays the same but the ABI is not compatible, we also have ways to deal with that. Kurt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. [...] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Bruce Stephens wrote: open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. [...] Opps, that's something for 1.0.1a anyway... The alternative of using the FIPSDIR environment variable (you have to use that with the FIPS module anyway) should be OK though. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 17:18:19 Kurt Roeckx wrote: On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f As far as I know, we disabled most such checks in Debian because they're not really useful. I can change the ABI without changing the version, or have the same ABI with a different version. If it's not compatible the soname should have changed. The appliation shouldn't go and second guess that it's really compatible or not. And if the soname stays the same but the ABI is not compatible, we also have ways to deal with that. i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? there was nothing in the notes that i saw, and this is a significant change in behavior from how openssl has loong operated. and it wouldn't be the first time that a new openssl release had bugs in it including forgetting to update the version number (which i've reported before) or can't even compile for some targets due to files missing from the release tarball. if, indeed, openssl has started down the enlightened ABI compatible path, then i can work on fixing relevant packages that do runtime version sanity checks such as openssh. but i haven't heard an answer in either direction as to the openssl behavior: it's a bug or it's correct behavior. -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and bugfix only, no new features. E.g. 1.0.0-1.0.0a Changes to last number: new ABI compatible features. E.g. 1.0.0-1.0.1 Changes to middle number: major release, ABI compatibility not guaranteed. E.g. 1.0.0-1.1.0 This is the first feature release that has been done since he versioning scheme changed so there may be some issues to iron out... Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ It seems to be missing from the FTP site. -- Iain Morgan PS: Contrats (and thanks) on releasing 1.0.1! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Iain Morgan wrote: On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ It seems to be missing from the FTP site. Ooops, fixed now. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
I've looked at that, and the modes part is quite integral to a number of other algorithms. Supporting it being turned off is likely to be a maintainance nightmare (especially since it will seldom blow up considering most platforms today have a C compiler that supports long long). My conclusion is that we should stop trying to support compilers that don't support long long. Unfortunately for VAX, it means that we have to stop supporting that, unless you know of a compiler that supports long long on that platform. Cheers, Richard In message ed0c8ca331b65bf9ee31289d352ed04d20efff39@localhost on Wed, 14 Mar 2012 17:14:52 +0100, Arpadffy Zoltan zoltan.arpad...@scientificgames.se said: Zoltan.Arpadffy Hello, Zoltan.Arpadffy Zoltan.Arpadffy Thank you very much for 1.0.1 release. Zoltan.Arpadffy Zoltan.Arpadffy It builds and works perfect on OpenVMS Alpha and IA64 architectures - as long I could test it. Zoltan.Arpadffy Zoltan.Arpadffy Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is sill not solved. Zoltan.Arpadffy Zoltan.Arpadffy Thank you. Zoltan.Arpadffy Zoltan.Arpadffy Regards, Zoltan.Arpadffy Z Zoltan.Arpadffy Zoltan.Arpadffy -Original Message- Zoltan.Arpadffy From: OpenSSL [mailto:open...@master.openssl.org] Zoltan.Arpadffy Sent: den 14 mars 2012 16:09 Zoltan.Arpadffy To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Zoltan.Arpadffy Subject: OpenSSL 1.0.1 released Zoltan.Arpadffy Zoltan.Arpadffy -BEGIN PGP SIGNED MESSAGE- Zoltan.Arpadffy Hash: SHA1 Zoltan.Arpadffy Zoltan.Arpadffy Zoltan.ArpadffyOpenSSL version 1.0.1 released Zoltan.Arpadffy=== Zoltan.Arpadffy Zoltan.ArpadffyOpenSSL - The Open Source toolkit for SSL/TLS Zoltan.Arpadffyhttp://www.openssl.org/ Zoltan.Arpadffy Zoltan.ArpadffyThe OpenSSL project team is pleased to announce the release of Zoltan.Arpadffyversion 1.0.1 of our open source toolkit for SSL/TLS. This new Zoltan.ArpadffyOpenSSL version is a new feature release. For a complete Zoltan.Arpadffylist of changes, please see Zoltan.Arpadffy Zoltan.Arpadffyhttp://www.openssl.org/source/exp/CHANGES. Zoltan.Arpadffy Zoltan.ArpadffyThe most significant changes are: Zoltan.Arpadffy Zoltan.Arpadffy o TLS/DTLS heartbeat support. Zoltan.Arpadffy o SCTP support. Zoltan.Arpadffy o RFC 5705 TLS key material exporter. Zoltan.Arpadffy o RFC 5764 DTLS-SRTP negotiation. Zoltan.Arpadffy o Next Protocol Negotiation. Zoltan.Arpadffy o PSS signatures in certificates, requests and CRLs. Zoltan.Arpadffy o Support for password based recipient info for CMS. Zoltan.Arpadffy o Support TLS v1.2 and TLS v1.1. Zoltan.Arpadffy o Preliminary FIPS capability for unvalidated 2.0 FIPS module. Zoltan.Arpadffy o SRP support. Zoltan.Arpadffy Zoltan.ArpadffyWe consider OpenSSL 1.0.1 to be the best version of OpenSSL Zoltan.Arpadffyavailable and we strongly recommend that users of older versions Zoltan.Arpadffyupgrade as soon as possible. OpenSSL 1.0.1 is available for Zoltan.Arpadffydownload via HTTP and FTP from the following master locations (you Zoltan.Arpadffycan find the various FTP mirrors under Zoltan.Arpadffyhttp://www.openssl.org/source/mirror.html): Zoltan.Arpadffy Zoltan.Arpadffy * http://www.openssl.org/source/ Zoltan.Arpadffy * ftp://ftp.openssl.org/source/ Zoltan.Arpadffy Zoltan.ArpadffyThe distribution file name is: Zoltan.Arpadffy Zoltan.Arpadffy o openssl-1.0.1.tar.gz Zoltan.Arpadffy Size: 4453920 Zoltan.Arpadffy MD5 checksum: 134f168bc2a8333f19f81d684841710b Zoltan.Arpadffy SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907 Zoltan.Arpadffy Zoltan.ArpadffyThe checksums were calculated using the following commands: Zoltan.Arpadffy Zoltan.Arpadffy openssl md5 openssl-1.0.1.tar.gz Zoltan.Arpadffy openssl sha1 openssl-1.0.1.tar.gz Zoltan.Arpadffy Zoltan.ArpadffyYours, Zoltan.Arpadffy Zoltan.ArpadffyThe OpenSSL Project Team. Zoltan.Arpadffy Zoltan.Arpadffy -BEGIN PGP SIGNATURE- Zoltan.Arpadffy Version: GnuPG v1.4.11 (GNU/Linux) Zoltan.Arpadffy Zoltan.Arpadffy iQEVAwUBT2CkBKLSm3vylcdZAQJv6wgAmrvhkXBB0rOI2Yt5YkgShq7BqqogFJk7 Zoltan.Arpadffy TBCHP6gR133L08e+WibwLc3HZS8eU2oAyyOYjBiTjO2Dyg5jkkslku2pyX9R8iZd Zoltan.Arpadffy vb0k/ZTuzmNO/6dDYwejbYdLjrPmTKWrcofa9GooWhiFBOzi3fbY0pAIWjHBoY07 Zoltan.Arpadffy LK8HxVzqQ+v/fg3ingqNpD5qJ6y13i4S8wzMPRL/4ox3evRSsEZ2ZTRqCfxwIbQk Zoltan.Arpadffy hZHfNL2sCZ+i/BoPKYxezhRweftDKQJtAm17femzymbQ0NVZfKi2i4kcd0GXS4Ow Zoltan.Arpadffy eaeMwpXdAGDGcj/HzaqxH1lEkKDQB+H9fo9MT2gqawjntiRt6K/oyQ== Zoltan.Arpadffy =yHMc Zoltan.Arpadffy -END PGP SIGNATURE- Zoltan.Arpadffy __ Zoltan.Arpadffy
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 19:23:14 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and bugfix only, no new features. E.g. 1.0.0-1.0.0a Changes to last number: new ABI compatible features. E.g. 1.0.0-1.0.1 Changes to middle number: major release, ABI compatibility not guaranteed. E.g. 1.0.0-1.1.0 This is the first feature release that has been done since he versioning scheme changed so there may be some issues to iron out... thanks. i've posted a report for the openssh guys. https://bugzilla.mindrot.org/show_bug.cgi?id=1991 -mike signature.asc Description: This is a digitally signed message part.