We have released LibreSSL 2.2.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.
This release marks the end of the OpenBSD 5.8 development cycle, featuring expanded portable build support, code improvements, removal of obsolete workarounds. SSLv3 deprecation continues with its removal from openssl(1) and new linker warnings on supported platforms, indicating if a program is still using the SSLv3-only methods. We are working with upstream software providers to update programs that were not ready for SSLv3 support to be removed entirely yet. * Switched 'openssl dhparam' default from 512 to 2048 bits * Reworked openssl(1) option handling * More CRYPTO ByteString (CBC) packet parsing conversions * Fixed 'openssl pkeyutl -verify' to exit with a 0 on success * Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more. * Ensure that openssl(1) restores terminal echo state after reading a password. * Incorporated fix for OpenSSL Issue #3683 * LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped for each portable release. * Removed workarounds for TLS client padding bugs. * No longer disable ECDHE-ECDSA on OS X * Removed SSLv3 support from openssl(1) * Removed IE 6 SSLv3 workarounds. * Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation. * Removed RSAX engine * Tested SSLv3 removal with the OpenBSD ports tree and found several applications that were not ready to build without SSLv3 yet. For now, building a program that intentionally uses SSLv3 will result in a linker warning. * Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls. * Added initial cmake build support, including support for building with Visual Studio, currently working with Visual Studio 2013 Community Edition. There are some issues with earlier versions of Visual Studio that will be resolved in a future release. * --with-enginesdir is removed as a configuration parameter * Default cert.pem, openssl.cnf, and x509v3.cnf files are now installed under $sysconfdir/ssl or the directory specified by --with-openssldir. Previous versions of LibreSSL left these empty. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
