#4346: openssl-1.1.1
--------------------+-----------------------
Reporter: bdubbs | Owner: lfs-book
Type: task | Status: new
Priority: normal | Milestone: 8.4
Component: Book | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Comment (by bdubbs):
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
* Support for TLSv1.3 added (see
https://wiki.openssl.org/index.php/TLS1.3
for further important information). The TLSv1.3 implementation
includes:
* Fully compliant implementation of RFC8446 (TLSv1.3) on by
default
* Early data (0-RTT)
* Post-handshake authentication and key update
* Middlebox Compatibility Mode
* TLSv1.3 PSKs
* Support for all five RFC8446 ciphersuites
* RSA-PSS signature algorithms (backported to TLSv1.2)
* Configurable session ticket support
* Stateless server support
* Rewrite of the packet construction code for "safer" packet
handling
* Rewrite of the extension handling code
* Complete rewrite of the OpenSSL random number generator to
introduce the
following capabilities
* The default RAND method now utilizes an AES-CTR DRBG according
to
NIST standard SP 800-90Ar1.
* Support for multiple DRBG instances with seed chaining.
* There is a public and private DRBG instance.
* The DRBG instances are fork-safe.
* Keep all global DRBG instances on the secure heap if it is
enabled.
* The public and private DRBG instance are per thread for lock
free
*peration
* Support for various new cryptographic algorithms including:
* SHA3
* SHA512/224 and SHA512/256
* EdDSA (both Ed25519 and Ed448) including X509 and TLS support
* X448 (adding to the existing X25519 support in 1.1.0)
* Multi-prime RSA
* SM2
* SM3
* SM4
* SipHash
* ARIA (including TLS support)
* Significant Side-Channel attack security improvements
* Add a new ClientHello callback to provide the ability to adjust
the SSL
*bject at an early stage.
* Add 'Maximum Fragment Length' TLS extension negotiation and
support
* A new STORE module, which implements a uniform and URI based
reader of
stores that can contain keys, certificates, CRLs and numerous
other
*bjects.
* Move the display of configuration data to configdata.pm.
* Allow GNU style "make variables" to be used with Configure.
* Claim the namespaces OSSL and OPENSSL, represented as symbol
prefixes
* Rewrite of devcrypto engine
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4346#comment:1>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
--
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
