openssl-3/openssl-3.changes

59 lines
3.0 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Wed May 20 12:46:24 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Obsolete openssl 1.1
- Update baselibs.conf
- Fix file permissions
-------------------------------------------------------------------
Fri May 15 15:29:05 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Update to 3.0.0 Alpha 2
- drop obsolete version.patch
-------------------------------------------------------------------
Thu Apr 23 19:49:05 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Initial packaging 3.0.0 Alpha 1
* Major Release
OpenSSL 3.0 is a major release and consequently any application
that currently uses an older version of OpenSSL will at the
very least need to be recompiled in order to work with the new version.
It is the intention that the large majority of applications will
work unchanged with OpenSSL 3.0 if those applications previously
worked with OpenSSL 1.1.1. However this is not guaranteed and
some changes may be required in some cases.
* Providers and FIPS support
Providers collect together and make available algorithm implementations.
With OpenSSL 3.0 it is possible to specify, either programmatically
or via a config file, which providers you want to use for any given application
* Low Level APIs
Use of the low level APIs have been deprecated.
* Legacy Algorithms
Some cryptographic algorithms that were available via the EVP APIs
are now considered legacy and their use is strongly discouraged.
These legacy EVP algorithms are still available in OpenSSL 3.0 but not by default.
If you want to use them then you must load the legacy provider.
* Engines and "METHOD" APIs
The ENGINE API and any function that creates or modifies custom "METHODS"
are being deprecated in OpenSSL 3.0
Authors and maintainers of external engines are strongly encouraged to
refactor their code transforming engines into providers using
the new Provider API and avoiding deprecated methods.
* Versioning Scheme
The OpenSSL versioning scheme has changed with the 3.0 release.
The new versioning scheme has this format: MAJOR.MINOR.PATCH
The patch level is indicated by the third number instead of a letter
at the end of the release version number.
A change in the second (MINOR) number indicates that new features may have been added.
OpenSSL versions with the same major number are API and ABI compatible.
If the major number changes then API and ABI compatibility is not guaranteed.
* Other major new features
Implementation of the Certificate Management Protocol (CMP, RFC 4210)
also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712).
A proper HTTP(S) client in libcrypto supporting GET and POST,
redirection, plain and ASN.1-encoded contents, proxies, and timeouts
EVP_KDF APIs have been introduced for working with Key Derivation Functions
EVP_MAC APIs have been introduced for working with MACs
Support for Linux Kernel TLS