source: UsbWattMeter/trunk/wolfssl-3.7.0/README@ 164

Last change on this file since 164 was 164, checked in by coas-nagasima, 6 years ago

Add the TOPPERS/ECNL sample application "USB charger power meter"

File size: 47.3 KB
*** Notes, Please read ***

Note 1)
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH by default.
This means if you plan to use TLS cipher suites you must enable DH (DH is on
by default), or enable ECC (ECC is on by default on 64bit systems), or you must
enable static key cipher suites with
    WOLFSSL_STATIC_DH
    WOLFSSL_STATIC_RSA
      or
    WOLFSSL_STATIC_PSK

though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS (Perfect Forward
Secrecy).

When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites.

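The split Note 1 draws between ephemeral and static key cipher suites, as an added example (not wolfSSL code): a C audit helper that reads the key exchange out of an IANA-style suite name and reports which WOLFSSL_STATIC_* macro the suite would need. The helper names, the key exchange table and the sample list are constructed for illustration; the macro mapping follows the note above.

```c
/* Added example, not part of wolfSSL: classify TLS cipher suite names by key
 * exchange, following the static vs. ephemeral split described in Note 1. */
#include <stdio.h>
#include <string.h>

typedef enum {
    KX_UNKNOWN,     /* not "TLS_<kx>_WITH_<cipher>", or kx not in the table */
    KX_EPHEMERAL,   /* DHE/ECDHE: fresh key per handshake, keeps PFS */
    KX_STATIC_RSA, KX_STATIC_ECDH, KX_STATIC_PSK
} kx_class;

typedef struct {
    kx_class cls;
    int null_cipher; /* 1 if the suite negotiates no encryption at all */
} suite_info;

/* Key exchange tokens as they appear between "TLS_" and "_WITH_".
 * Illustrative table (an assumption of this example), not a full registry. */
static const struct { const char *kx; kx_class cls; } kx_table[] = {
    { "DHE_RSA",   KX_EPHEMERAL },   { "DHE_PSK",     KX_EPHEMERAL },
    { "ECDHE_RSA", KX_EPHEMERAL },   { "ECDHE_ECDSA", KX_EPHEMERAL },
    { "ECDHE_PSK", KX_EPHEMERAL },   { "RSA",         KX_STATIC_RSA },
    { "ECDH_RSA",  KX_STATIC_ECDH }, { "ECDH_ECDSA",  KX_STATIC_ECDH },
    { "PSK",       KX_STATIC_PSK }
};

suite_info classify_suite(const char *name)
{
    suite_info info = { KX_UNKNOWN, 0 };
    const char *kx, *with;
    size_t kxlen, i;

    if (name == NULL || strncmp(name, "TLS_", 4) != 0)
        return info;
    kx = name + 4;
    with = strstr(kx, "_WITH_");
    if (with == NULL)
        return info;
    kxlen = (size_t)(with - kx);

    /* Exact-length match so "PSK" never matches "DHE_PSK" and vice versa. */
    for (i = 0; i < sizeof kx_table / sizeof kx_table[0]; i++) {
        if (strlen(kx_table[i].kx) == kxlen &&
            strncmp(kx, kx_table[i].kx, kxlen) == 0) {
            info.cls = kx_table[i].cls;
            break;
        }
    }
    info.null_cipher = (strncmp(with + 6, "NULL_", 5) == 0);
    return info;
}

/* Build macro that Note 1 names for each static class; NULL if none needed. */
const char *required_macro(kx_class cls)
{
    switch (cls) {
    case KX_STATIC_RSA:  return "WOLFSSL_STATIC_RSA";
    case KX_STATIC_ECDH: return "WOLFSSL_STATIC_DH";
    case KX_STATIC_PSK:  return "WOLFSSL_STATIC_PSK";
    default:             return NULL;
    }
}

/* Number of suites in the list that only build with a WOLFSSL_STATIC_* macro. */
int count_static(const char *const *names, size_t n)
{
    size_t i;
    int count = 0;
    for (i = 0; i < n; i++)
        if (required_macro(classify_suite(names[i]).cls) != NULL)
            count++;
    return count;
}

/* Constructed sample list; the PSK names also appear in the 3.0.2 notes. */
static const char *const sample_suites[] = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_PSK_WITH_AES_256_CBC_SHA384",
    "TLS_PSK_WITH_NULL_SHA384"
};
#define SAMPLE_COUNT (sizeof sample_suites / sizeof sample_suites[0])

int main(void)
{
    size_t i;
    for (i = 0; i < SAMPLE_COUNT; i++) {
        suite_info s = classify_suite(sample_suites[i]);
        const char *macro = required_macro(s.cls);
        printf("%-40s %-20s%s\n", sample_suites[i],
               s.cls == KX_UNKNOWN ? "unrecognized" :
               macro ? macro : "ephemeral (PFS)",
               s.null_cipher ? " NULL cipher" : "");
    }
    printf("%d suites need a static key macro\n",
           count_static(sample_suites, SAMPLE_COUNT));
    return 0;
}
```

Run against the suite list an application or peer is configured with: any line that reports a macro is a suite that gives up PFS.
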
Note 2)
wolfSSL takes a different approach to certificate verification than OpenSSL
does. The default policy for the client is to verify the server. This means
that if you don't load CAs to verify the server you'll get a connect error,
"no signer error to confirm failure" (-188).
If you want to mimic the OpenSSL behavior of having SSL_connect succeed even if
verifying the server fails, which reduces security, you can do this by calling:

wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

before calling wolfSSL_new(), though it's not recommended.

*** end Notes ***

********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)

Release 3.7.0 of wolfSSL has bug fixes and new features including:

- ALPN extension support added for HTTP2 connections with --enable-alpn
- Change of example/client/client max fragment flag -L -> -F
- Throughput benchmarking, added scripts/benchmark.test
- Sniffer API ssl_FreeDecodeBuffer added
- Addition of AES_GCM to Sniffer
- Sniffer change to handle unlimited decrypt buffer size
- New option for the sniffer where it will try to pick up decoding after a
  sequence number acknowledgement fault. Also includes some additional stats.
- JNI API setter and getter function for jobject added
- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto
- fix to asn configuration bug
- AES-GCM/CCM fixes.
- Port for Rowley added
- Rowley Crossworks bare metal examples added
- MDK5-ARM project update
- FreeRTOS support updates.
- VXWorks support updates.
- Added the IDEA cipher and support in wolfSSL.
- Update wolfSSL website CA.
- CFLAGS is usable when configuring source.

- No high level security fixes that require an update, though we always
  recommend updating to the latest

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html

********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015)

Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also
includes bug fixes and new features including:

- Two High level security fixes, all users SHOULD update.
  a) If using wolfSSL for DTLS on the server side of a publicly accessible
     machine you MUST update.
  b) If using wolfSSL for TLS on the server side with private RSA keys allowing
     ephemeral key exchange without low memory optimizations you MUST update and
     regenerate the private RSA keys.

  Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details

- No filesystem build fixes for various configurations
- Certificate generation now supports several extensions including KeyUsage,
  SKID, AKID, and Certificate Policies
- CRLs can be loaded from buffers as well as files now
- SHA-512 Certificate Signing generation
- Fixes for sniffer reassembly processing

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html

********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)

Release 3.6.6 of wolfSSL has bug fixes and new features including:

- OpenSSH compatibility with --enable-openssh
- stunnel compatibility with --enable-stunnel
- lighttpd compatibility with --enable-lighty
- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
- Ephemeral key cipher suites only are now supported by default
    To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
    To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
    To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
- Added QSH (quantum-safe handshake) extension with --enable-ntru
- SRP is now part of wolfCrypt, enable with --enable-srp
- Certificate handshake messages can now be sent fragmented if the record
  size is smaller than the total message size, no user action required.
- DTLS duplicate message fixes
- Visual Studio project files now support DLL and static builds for 32/64bit.
- Support for new Freescale I/O
- FreeRTOS FIPS support

- No high level security fixes that require an update, though we always
  recommend updating to the latest

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html

**************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)

Release 3.6.0 of wolfSSL has bug fixes and new features including:

- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
  Forward Secrecy). With --enable-maxstrength
- Server side session ticket support, the example server and echoserver use the
  example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
- FIPS version submitted for iOS.
- TI Crypto Hardware Acceleration
- DTLS fragmentation fixes
- ECC key check validation with wc_ecc_check_key()
- 32bit code options to reduce memory for Curve25519 and Ed25519
- wolfSSL JNI build switch with --enable-jni
- PicoTCP support improvements
- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
- KEEP_PEER_CERT and AltNames can now be used together
- ChaCha20 big endian fix
- SHA-512 signature algorithm support for key exchange and verify messages
- ECC make key crash fix on RNG failure, ECC users must update.
- Improvements to usage of time code.
- Improvements to VS solution files.
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
  add -fdebug-types-section to C_EXTRA_FLAGS

- No high level security fixes that require an update, though we always
  recommend updating to the latest (except note 14, ecc RNG failure)

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html


*****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)

Release 3.4.6 of wolfSSL has bug fixes and new features including:

- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2,
  rorx, mulx, adox, adcx. They can be enabled with --enable-intelasm.
  These speed up the use of RNG, SHA2, and public key algorithms.
- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples
  in wolfcrypt/test/test.c ed25519_test().
- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes
  of memory per secure connection including cipher state.
- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and
  ctaocrypt headers which will enable the compatibility APIs for the
  foreseeable future
- INSTALL file to help direct users to build instructions for their environment
- For ECC users with the normal math library a fix that prevents a crash when
  verify signature fails. Users of 3.4.0 with ECC and the normal math library
  must update
- RC4 is now disabled by default in autoconf mode
- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers
  available without a switch
- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution
- DHE-PSK cipher suites can now be built without ASN or Cert support
- Fix some NO MD5 build issues with optional features
- Freescale CodeWarrior project updates
- ECC curves can be individually turned on/off at build time.
- Sniffer handles Cert Status message and other minor fixes
- SetMinVersion() at the wolfSSL Context level instead of just SSL session level
  to allow minimum protocol version allowed at runtime
- RNG failure resource cleanup fix

- No high level security fixes that require an update, though we always
  recommend updating to the latest (except note 6 use case of ecc/normal math)

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html


*****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015)

Release 3.4.0 wolfSSL has bug fixes and new features including:

- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt
  headers which will enable the compatibility APIs for the foreseeable future
- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
- Example use of the wolfSSL API can be found in examples/client/client.c
- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
- Improvements in the build configuration under AIX
- Microchip Pic32 MZ updates
- TIRTOS updates
- PowerPC updates
- Xcode project update
- Bidirectional shutdown examples in client/server with -w (wait for full
  shutdown) option
- Cycle counts on benchmarks for x86_64, more coming soon
- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA
  keys
- Various compile warnings
- Scan-build warning fixes
- Changed a memcpy to memmove in the sniffer (if using sniffer please update)
- No high level security fixes that require an update, though we always
  recommend updating to the latest


***********CyaSSL Release 3.3.0 (12/05/2014)

- Countermeasures for Handshake message duplicates, CHANGE CIPHER without
  FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from
  the Prosecco team at INRIA Paris-Rocquencourt for the report.
- FIPS version submitted
- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
- User can set minimum downgrade version with CyaSSL_SetMinVersion()
- Small stack improvements at TLS/SSL layer
- TLS Master Secret generation and Key Expansion are now exposed
- Adds client side Secure Renegotiation, * not recommended *
- Client side session ticket support, not fully tested with Secure Renegotiation
- Allows up to 4096bit DHE at TLS Key Exchange layer
- Handles non standard SessionID sizes in Hello Messages
- PicoTCP Support
- Sniffer now supports SNI Virtual Hosts
- Sniffer now handles non HTTPS protocols using STARTTLS
- Sniffer can now parse records with multiple messages
- TI-RTOS updates
- Fix for ColdFire optimized fp_digit read only in explicit 32bit case
- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


***********CyaSSL Release 3.2.0 (09/10/2014)

Release 3.2.0 CyaSSL has bug fixes and new features including:

- ChaCha20 and Poly1305 crypto and suites
- Small stack improvements for OCSP, CRL, TLS, DTLS
- NTRU Encrypt and Decrypt benchmarks
- Updated Visual Studio project files
- Updated Keil MDK5 project files
- Fix for DTLS sequence numbers with GCM/CCM
- Updated HashDRBG with more secure struct declaration
- TI-RTOS support and example Code Composer Studio project files
- Ability to get enabled cipher suites, CyaSSL_get_ciphers()
- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU
- Sniffer improvement checking for decrypt key setup
- Support for raw ECC key import
- Ability to convert ecc_key to DER, EccKeyToDer()
- Security fix for RSA Padding check vulnerability reported by Intel Security
  Advanced Threat Research team

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 3.1.0 (07/14/2014)

Release 3.1.0 CyaSSL has bug fixes and new features including:

- Fix for older versions of icc without 128-bit type
- Intel ASM syntax for AES-NI
- Updated NTRU support, keygen benchmark
- FIPS check for minimum required HMAC key length
- Small stack (--enable-smallstack) improvements for PKCS#7, ASN
- TLS extension support for DTLS
- Default I/O callbacks external to user
- Updated example client with bad clock test
- Ability to set optional ECC context info
- Ability to enable/disable DH separate from opensslextra
- Additional test key/cert buffers for CA and server
- Updated example certificates

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 3.0.2 (05/30/2014)

Release 3.0.2 CyaSSL has bug fixes and new features including:

- Added the following cipher suites:
    * TLS_PSK_WITH_AES_128_GCM_SHA256
    * TLS_PSK_WITH_AES_256_GCM_SHA384
    * TLS_PSK_WITH_AES_256_CBC_SHA384
    * TLS_PSK_WITH_NULL_SHA384
    * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
    * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
    * TLS_DHE_PSK_WITH_NULL_SHA256
    * TLS_DHE_PSK_WITH_NULL_SHA384
    * TLS_DHE_PSK_WITH_AES_128_CCM
    * TLS_DHE_PSK_WITH_AES_256_CCM
- Added AES-NI support for Microsoft Visual Studio builds.
- Changed small stack build to be disabled by default.
- Updated the Hash DRBG and provided a configure option to enable.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 3.0.0 (04/29/2014)

Release 3.0.0 CyaSSL has bug fixes and new features including:

- FIPS release candidate
- X.509 improvements that address items reported by Suman Jana with security
  researchers at UT Austin and UC Davis
- Small stack size improvements, --enable-smallstack. Offloads large local
  variables to the heap. (Note this is not complete.)
- Updated AES-CCM-8 cipher suites to use approved suite numbers.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 2.9.4 (04/09/2014)

Release 2.9.4 CyaSSL has bug fixes and new features including:

- Security fixes that address items reported by Ivan Fratric of the Google
  Security Team
- X.509 Unknown critical extensions treated as errors, report by Suman Jana with
  security researchers at UT Austin and UC Davis
- Sniffer fixes for corrupted packet length and Jumbo frames
- ARM thumb mode assembly fixes
- Xcode 5.1 support including new clang
- PIC32 MZ hardware support
- CyaSSL Object has enough room to read the Record Header now w/o allocs
- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA.
- A sample I/O pool is demonstrated with --enable-iopool to overtake memory
  handling and reduce memory fragmentation on I/O large sizes

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 2.9.0 (02/07/2014)

Release 2.9.0 CyaSSL has bug fixes and new features including:
- Freescale Kinetis RNGB support
- Freescale Kinetis mmCAU support
- TLS Hello extensions
  - ECC
  - Secure Renegotiation (null)
  - Truncated HMAC
- SCEP support
  - PKCS #7 Enveloped data and signed data
  - PKCS #10 Certificate Signing Request generation
- DTLS sliding window
- OCSP Improvements
  - API change to integrate into Certificate Manager
  - IPv4/IPv6 agnostic
  - example client/server support for OCSP
  - OCSP nonces are optional
- GMAC hashing
- Windows build additions
- Windows CYGWIN build fixes
- Updated test certificates
- Microchip MPLAB Harmony support
- Update autoconf scripts
- Additional X.509 inspection functions
- ECC encrypt/decrypt primitives
- ECC Certificate generation

The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
K53 Sub-Family Reference Manual:
http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf

Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation
can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library
User Guide":
http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf


*****************CyaSSL Release 2.8.0 (8/30/2013)

Release 2.8.0 CyaSSL has bug fixes and new features including:
- AES-GCM and AES-CCM use AES-NI
- NetX default IO callback handlers
- IPv6 fixes for DTLS Hello Cookies
- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
- SEP certificate extensions
- Callback getters for easier resource freeing
- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
- Public Key Callbacks for ECC and RSA
- Client now sends blank cert upon request if it doesn't have one with TLS <= 1.2


The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


*****************CyaSSL Release 2.7.0 (6/17/2013)

Release 2.7.0 CyaSSL has bug fixes and new features including:
- SNI support for client and server
- KEIL MDK-ARM projects
- Wildcard check to domain name match, and Subject altnames are checked too
- Better error messages for certificate verification errors
- Ability to discard session during handshake verify
- More consistent error returns across all APIs
- Ability to unload CAs at the CTX or CertManager level
- Authority subject id support for Certificate matching
- Persistent session cache functionality
- Persistent CA cache functionality
- Client session table lookups to push serverID table to library level
- Camellia support to sniffer
- User controllable settings for DTLS timeout values
- Sniffer fixes for caching long lived sessions
- DTLS reliability enhancements for the handshake
- Better ThreadX support

When compiling with Mingw, libtool may give the following warning due to
path conversion errors:

libtool: link: Could not determine host file name corresponding to **
libtool: link: Continuing, but uninstalled executables may not work.

If so, examples and testsuite will have problems when run, showing an
error while loading shared libraries. To resolve, please run "make install".

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************** CyaSSL Release 2.6.0 (04/15/2013)

Release 2.6.0 CyaSSL has bug fixes and new features including:
- DTLS 1.2 support including AEAD ciphers
- SHA-3 finalist Blake2 support, it's fast and uses little resources
- SHA-384 cipher suites including ECC ones
- HMAC now supports SHA-512
- Track memory use for example client/server with -t option
- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
  turned on, localhost only was used. Now link-local (with scope ids) and ipv6
  hosts can be used as well.
- Xcode v4.6 project for iOS v6.1 update
- settings.h is now checked in all *.c files for true one file setting detection
- Better alignment at SSL layer for hardware crypto alignment needs
    * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
      13 bytes DTLS headers, but every effort is now made to align with the
      CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
- NO_64BIT flag to turn off 64bit data type accumulators in public key code
    * Note, some systems are faster with 32bit accumulators
- --enable-stacksize for example client/server stack use
    * Note, modern desktop Operating Systems may add bytes to each stack frame
- Updated compression/decompression with direct crypto access
- All ./configure options are now lowercase only for consistency
- ./configure builds default to fastmath option
    * Note, if on ia32 and building in shared mode this may produce a problem
      with a missing register being available because of PIC, there are at least
      6 solutions to this:
      1) --disable-fastmath , don't use fastmath
      2) --disable-shared, don't build a shared library
      3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
      4) use clang, it just seems to work
      5) play around with no PIC options to force all registers being open,
         e.g, --without-pic
      6) if static lib is still a problem try removing fPIE
- Many new ./configure switches for option enable/disable for example
    * rsa
    * dh
    * dsa
    * md5
    * sha
    * arc4
    * null (allow NULL ciphers)
    * oldtls (only use TLS 1.2)
    * asn (no certs or public keys allowed)
- ./configure generates cyassl/options.h which allows a header the user can
  include in their app to make sure the same options are set at the app and
  CyaSSL level.
- autoconf no longer needs serial-tests which lowers version requirements of
  automake to 1.11 and autoconf to 2.63

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



************** CyaSSL Release 2.5.0 (02/04/2013)

Release 2.5.0 CyaSSL has bug fixes and new features including:
- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
  Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
- Microchip PIC32 (MIPS16, MIPS32) support
- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
- Updated CTaoCrypt benchmark app for embedded systems
- 1024-bit test certs/keys and cert/key buffers
- AES-CCM-8 crypto and cipher suites
- Camellia crypto and cipher suites
- Bumped minimum autoconf version to 2.65, automake version to 1.12
- Addition of OCSP callbacks
- STM32F2 support with hardware crypto and RNG
- Cavium NITROX support

CTaoCrypt now has support for the Microchip PIC32 and has been tested with
the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
located under the <cyassl_root>/mplabx directory for more details.

To add Cavium NITROX support do:

./configure --with-cavium=/home/user/cavium/software

pointing to your licensed cavium/software directory. Since Cavium doesn't
build a library we pull in the cavium_common.o file which gives a libtool
warning about the portability of this. Also, if you're using the github source
tree you'll need to remove the -Wredundant-decls warning from the generated
Makefile because the cavium headers don't conform to this warning. Currently
CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
layer. Support at the SSL level is partial and currently just does AES, 3DES,
and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non
blocking mode. The example client turns on cavium support as does the crypto
test and benchmark. Please see the HAVE_CAVIUM define.

CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
generator through the STM32F2 Standard Peripheral Library. For necessary
defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
STM32F2 Standard Peripheral Library can be found in the following document:
http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



*************** CyaSSL Release 2.4.6 (12/20/2012)

Release 2.4.6 CyaSSL has bug fixes and a few new features including:
- ECC into main version
- Lean PSK build (reduced code size, RAM usage, and stack usage)
- FreeBSD CRL monitor support
- CyaSSL_peek()
- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
- CodeWarrior Support
- MQX Support
- Freescale Kinetis support including Hardware RNG
- autoconf builds use jobserver
- cyassl-config
- Sniffer memory reductions

Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
warning system, and general good ideas for improving CyaSSL!

The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
K70 Sub-Family Reference Manual:
http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


*************** CyaSSL Release 2.4.0 (10/10/2012)

Release 2.4.0 CyaSSL has bug fixes and a few new features including:
- DTLS reliability
- Reduced memory usage after handshake
- Updated build process

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



*************** CyaSSL Release 2.3.0 (8/10/2012)

Release 2.3.0 CyaSSL has bug fixes and a few new features including:
- AES-GCM crypto and cipher suites
- make test cipher suite checks
- Subject AltName processing
- Command line support for client/server examples
- Sniffer SessionTicket support
- SHA-384 cipher suites
- Verify cipher suite validity when user overrides
- CRL dir monitoring
- DTLS Cookie support, reliability coming soon

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



***************CyaSSL Release 2.2.0 (5/18/2012)

Release 2.2.0 CyaSSL has bug fixes and a few new features including:
- Initial CRL support (--enable-crl)
- Initial OCSP support (--enable-ocsp)
- Add static ECDH suites
- SHA-384 support
- ECC client certificate support
- Add medium session cache size (1055 sessions)
- Updated unit tests
- Protection against mutex reinitialization


The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



***************CyaSSL Release 2.0.8 (2/24/2012)

Release 2.0.8 CyaSSL has bug fixes and a few new features including:
- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
  resulting in NULL pointer use.
- Respond to renegotiation attempt with no_renegotiation alert
- Add basic path support for load_verify_locations()
- Add set Temp EC-DHE key size
- Extra checks on rsa test when porting into


The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



************* CyaSSL Release 2.0.6 (1/27/2012)

Release 2.0.6 CyaSSL has bug fixes and a few new features including:
- Fixes for CA basic constraint check
- CTX reference counting
- Initial unit test additions
- Lean and Mean Windows fix
- ECC benchmarking
- SSMTP build support
- Ability to group handshake messages with set_group_messages(ctx/ssl)
- CA cache addition callback
- Export Base64_Encode for general use

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



************* CyaSSL Release 2.0.2 (12/05/2011)

Release 2.0.2 CyaSSL has bug fixes and a few new features including:
- CTaoCrypt Runtime library detection settings when directly using the crypto
  library
- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
- All test certificates now use 2048bit and SHA-1 for better modern browser
  support
- Direct AES block access and AES-CTR (counter) mode
- Microchip pic32 support

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



************* CyaSSL Release 2.0.0rc3 (9/28/2011)

Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
- updated autoconf support
- better make install and uninstall (uses system directories)
- make test / make check
- CyaSSL headers now in <cyassl/*.h>
- CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
- OpenSSL compatibility headers now in <cyassl/openssl/*.h>
- examples and tests all run from home directory so can use certs in ./certs
  (see note 1)

So previous applications that used the OpenSSL compatibility header
<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
changes are required.

Special Thanks to Brian Aker for his autoconf, install, and header patches.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.

************CyaSSL Release 2.0.0rc2 (6/6/2011)

Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
- bug fixes (Alerts, DTLS with DHE)
- FreeRTOS support
- lwIP support
- Wshadow warnings removed
- asn public header
- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
  updated to reflect this change)
- and more.

This is the 2nd and perhaps final release candidate for version 2.
Please send any comments or questions to support@wolfssl.com.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.

***********CyaSSL Release 2.0.0rc1 (5/2/2011)

Release 2.0.0rc1 for CyaSSL has many new features including:
- bug fixes
- SHA-256 cipher suites
- Root Certificate Verification (instead of needing all certs in the chain)
- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
- Serial number retrieval for x509
- PBKDF2 and PKCS #12 PBKDF
- UID parsing for x509
- SHA-256 certificate signatures
- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
- CA loading can now parse multiple certificates per file
- Dynamic memory runtime hooks
- Runtime hooks for logging
- EDH on server side
- More informative error codes
- More informative logging messages
- Version downgrade more robust (use SSL_v23*)
- Shared build only by default through ./configure
- Compiler visibility is now used, internal functions not polluting namespace
- Single Makefile, no recursion, for faster and simpler building
- Turn on all warnings possible build option, warning fixes
- and more.

Because of all the new features and the multiple OS, compiler, feature-set
options that CyaSSL allows, there may be some configuration fixes needed.
Please send any comments or questions to support@wolfssl.com.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.

752****************** CyaSSL Release 1.9.0 (3/2/2011)
753
754Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
755better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
756improper AES key setup detection, user cert verify callback improvements, and
757more.
758
759The CyaSSL manual offering is included in the doc/ directory. For build
760instructions and comments about the new features please check the manual.
761
762Please send any comments or questions to support@wolfssl.com.
763
764****************** CyaSSL Release 1.8.0 (12/23/2010)
765
766Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
767generation, a C standard library abstraction layer, lower memory use, increased
768portability through the os_settings.h file, and the ability to use NTRU cipher
769suites when used in conjunction with an NTRU license and library.
770
771The initial CyaSSL manual offering is included in the doc/ directory. For
772build instructions and comments about the new features please check the manual.
773
774Please send any comments or questions to support@wolfssl.com.
775
776Happy Holidays.
777
778
779********************* CyaSSL Release 1.6.5 (9/9/2010)
780
781Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
782generation.
783
784For general build instructions see doc/Building_CyaSSL.pdf.
785
786To enable certificate generation support add this option to ./configure
787./configure --enable-certgen
788
789An example is included in ctaocrypt/test/test.c and documentation is provided
790in doc/CyaSSL_Extensions_Reference.pdf item 11.
791
792********************** CyaSSL Release 1.6.0 (8/27/2010)
793
794Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
795generation.
796
797For general build instructions see doc/Building_CyaSSL.pdf.
798
799To add RIPEMD-160 support add this option to ./configure
800./configure --enable-ripemd
801
802To add SHA-512 support add this option to ./configure
803./configure --enable-sha512
804
805To add RSA key generation support add this option to ./configure
806./configure --enable-keygen
807
808Please see ctaocrypt/test/test.c for examples and usage.
809
810For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
811off by default. To turn key generation on add the define CYASSL_KEY_GEN to
812CyaSSL.
813
814
815************* CyaSSL Release 1.5.6 (7/28/2010)
816
817Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
818and a fix for GCC builds on some systems.
819
820For general build instructions see doc/Building_CyaSSL.pdf.
821
822To add AES-NI support add this option to ./configure
823./configure --enable-aesni
824
825You'll need GCC 4.4.3 or later to make use of the assembly.
826
827************** CyaSSL Release 1.5.4 (7/7/2010)
828
829Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
830improvements from loop unrolling, and support for the Mongoose Web Server.
831
832For general build instructions see doc/Building_CyaSSL.pdf.
833
834To add AES-NI support add this option to ./configure
835./configure --enable-aesni
836
837You'll need GCC 4.4.3 or later to make use of the assembly.
838
839*************** CyaSSL Release 1.5.0 (5/11/2010)
840
841Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
842support, and initial swig interface support.
843
844For general build instructions see doc/Building_CyaSSL.pdf.
845
846To add support for GoAhead WebServer either use --enable-opensslExtra or, if you
847don't want all the features of opensslExtra, just define GOAHEAD_WS
848instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
849you can define it yourself.
850
851To look at the sniffer support please see the sniffertest app in
852sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
853vcproj files on Windows. You'll need to have pcap installed on *nix and
854WinPcap on Windows.
855
856A swig interface file is now located in the swig directory for using Python,
857Java, Perl, and others with CyaSSL. This is initial support and experimental,
858please send questions or comments to support@wolfssl.com.
859
860When doing load testing with CyaSSL, on the echoserver example say, the client
861machine may run out of TCP ephemeral ports: closed sockets end up in the TIME_WAIT
862queue and can't be reused by default. There are generally two ways to fix
863this. 1) Reduce the length of time sockets remain on the TIME_WAIT queue or 2) Allow
864items on the TIME_WAIT queue to be reused.
865
866
867To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds)
868
869sudo sysctl -w net.inet.tcp.msl=3000
870
871In Linux
872
873sudo sysctl -w net.ipv4.tcp_tw_reuse=1
874
875allows reuse of sockets in TIME_WAIT
876
877sudo sysctl -w net.ipv4.tcp_tw_recycle=1
878
879works but seems to remove sockets from TIME_WAIT entirely?
880
881sudo sysctl -w net.ipv4.tcp_fin_timeout=1
882
883doesn't control TIME_WAIT, it controls FIN_WAIT(2), contrary to some posts
884
885
886******************** CyaSSL Release 1.4.0 (2/18/2010)
887
888Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support
889through SSLv23_server_method(), and improved documentation in the doc/ folder.
890
891For general build instructions see doc/Building_CyaSSL.pdf.
892
893******************** CyaSSL Release 1.3.0 (1/21/2010)
894
895Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix,
896better porting support, removal of assert()s, and a complete THREADX port.
897
898For general build instructions see rc1 below.
899
900******************** CyaSSL Release 1.2.0 (11/2/2009)
901
902Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is
903read or write.
904
905For general build instructions see rc1 below.
906
907******************** CyaSSL Release 1.1.0 (9/2/2009)
908
909Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session
910cache use, support for lighttpd, and TLS 1.2.
911
912To get TLS 1.2 support please use the client and server functions:
913
914SSL_METHOD *TLSv1_2_server_method(void);
915SSL_METHOD *TLSv1_2_client_method(void);
916
917CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with
918lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>:
919
920./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib
921
922make
923make openssl-links
924
925Then to build lighttpd with CyaSSL use the following commands from the
926lighttpd install dir:
927
928./configure --with-openssl --with-openssl-includes=<CyaSSLDir>/include --with-openssl-libs=<CyaSSLDir>/lib LDFLAGS=-lm
929
930make
931
932On some systems you may get a linker error about a duplicate symbol for
933MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file
934md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o.
935When liblightcomp is linked with the SSL_LIBs the linker may complain about
936the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c
937and adding this line to the beginning of the file:
938
939#if 0
940
941and this line to the end of the file
942
943#endif
944
945Then from the lighttpd src dir do a:
946
947make clean
948make
949
950
951If you get link errors about undefined symbols more than likely the actual
952OpenSSL libraries are found by the linker before the CyaSSL openssl-links that
953point to the CyaSSL library, causing the linker confusion. This can be fixed
954by editing the Makefile in the lighttpd src directory and changing the line:
955
956SSL_LIB = -lssl -lcrypto
957
958to
959
960SSL_LIB = -lcyassl
961
962Then from the lighttpd src dir do a:
963
964make clean
965make
966
967This should remove any confusion the linker may be having with missing symbols.
968
969For any questions or concerns please contact support@wolfssl.com .
970
971For general build instructions see rc1 below.
972
973******************CyaSSL Release 1.0.6 (8/03/2009)
974
975Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster
976math with a huge code option.
977
978The session cache now defaults to a client mode, also good for embedded servers.
979For servers not under heavy load (less than 200 new sessions per minute), define
980BIG_SESSION_CACHE. If the server will be under heavy load, define
981HUGE_SESSION_CACHE.
982
983There is now a fasthugemath option for configure. This enables fastmath plus
984even faster math by greatly increasing the code size of the math library. Use
985the benchmark utility to compare public key operations.
986
987
988For general build instructions see rc1 below.
989
990******************CyaSSL Release 1.0.3 (5/10/2009)
991
992Release 1.0.3 for CyaSSL adds bug fixes and increased support for OpenSSL
993compatibility when building other applications.
994
995Release 1.0.3 includes an alpha release of DTLS for both client and servers.
996This is only for testing purposes at this time. Rebroadcast and reordering
997aren't fully implemented at this time but will be for the next release.
998
999For general build instructions see rc1 below.
1000
1001******************CyaSSL Release 1.0.2 (4/3/2009)
1002
1003Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems
1004will send a SIGPIPE on socket recv() at any time and this should be handled by
1005the application by turning off SIGPIPE through setsockopt() or returning from
1006the handler.
1007
1008Release 1.0.2 includes an alpha release of DTLS for both client and servers.
1009This is only for testing purposes at this time. Rebroadcast and reordering
1010aren't fully implemented at this time but will be for the next release.
1011
1012For general build instructions see rc1 below.
1013
1014*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009)
1015
1016
1017Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
1018iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root
1019directory. This release also includes a fix for supporting other
1020implementations that bundle multiple messages at the record layer, this was
1021lost when cyassl i/o was re-implemented but is now fixed.
1022
1023For general build instructions see rc1 below.
1024
1025*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009)
1026
1027
1028Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
1029ciphers along with their respective cipher suites. CyaSSL adds support for
1030HC-128 and RABBIT stream ciphers. The new suites are:
1031
1032TLS_RSA_WITH_HC_128_SHA
1033TLS_RSA_WITH_RABBIT_SHA
1034
1035And the corresponding cipher names are
1036
1037HC128-SHA
1038RABBIT-SHA
1039
1040CyaSSL also adds support for building with devkitPro for PPC by changing the
1041library proper to use libogc. The examples haven't been changed yet but if
1042there's interest they can be. Here's an example ./configure to build CyaSSL
1043for devkitPro:
1044
1045./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO"
1046
1047For linking purposes you'll need
1048
1049LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
1050
1051For general build instructions see rc1 below.
1052
1053
1054********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008)
1055
1056
1057Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several
1058areas have optimization improvements, less dynamic memory use, and the I/O
1059strategy has been refactored to allow alternate I/O handling or Library use.
1060Many thanks to Thierry Fournier for providing these ideas and most of the work.
1061
1062Because of these changes, this release is only a candidate since some problems
1063are probably inevitable on some platform with some I/O use. Please report any
1064problems and we'll try to resolve them as soon as possible. You can contact us
1065at support@wolfssl.com or todd@wolfssl.com.
1066
1067Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly
1068on some platforms. This is new so please report any problems as every compiler,
1069mode, OS combination hasn't been tested. On ia32 all of the registers need to
1070be available so be sure to pass these options to CFLAGS:
1071
1072CFLAGS="-O3 -fomit-frame-pointer"
1073
1074OS X will also need -mdynamic-no-pic added to CFLAGS
1075
1076Also if you're building in shared mode for ia32 you'll need to pass options to
1077LDFLAGS as well on OS X:
1078
1079LDFLAGS=-Wl,-read_only_relocs,warning
1080
1081This gives warnings for some symbols but seems to work.
1082
1083
1084--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
1085
1086 ./configure
1087 make
1088
1089 from the ./testsuite/ directory run ./testsuite
1090
1091to make a debug build:
1092
1093 ./configure --enable-debug --disable-shared
1094 make
1095
1096
1097
1098--To build on Win32
1099
1100Choose (Re)Build All from the project workspace
1101
1102Run the testsuite program
1103
1104
1105
1106
1107
1108*************************CyaSSL version 0.9.9 (7/25/2008)
1109
1110This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
1111handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the
1112work on TomsFastMath.
1113
1114To optionally use TomsFastMath pass --enable-fastmath to ./configure
1115Or define USE_FAST_MATH in each project from CyaSSL for MSVC.
1116
1117Please use the benchmark routine before and after to see the performance
1118difference, on some platforms the gains will be little but RSA encryption
1119always seems to be faster. On x86-64 machines with GCC the normal math library
1120may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't
1121yet use -m64 because of GCC's inability to do 128bit division.
1122
1123 **** UPDATE GCC 4.2.1 can now do 128bit division ***
1124
1125See notes below (0.2.0) for complete build instructions.
1126
1127
1128****************CyaSSL version 0.9.8 (5/7/2008)
1129
1130This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
1131socket handling.
1132
1133See notes below (0.2.0) for complete build instructions.
1134
1135
1136****************CyaSSL version 0.9.6 (1/31/2008)
1137
1138This release of CyaSSL adds bug fixes, increased session management, and a fix
1139for gnutls.
1140
1141See notes below (0.2.0) for complete build instructions.
1142
1143
1144****************CyaSSL version 0.9.0 (10/15/2007)
1145
1146This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
1147IPV6 support and test, and new test certificates.
1148
1149See notes below (0.2.0) for complete build instructions.
1150
1151
1152****************CyaSSL version 0.8.0 (1/10/2007)
1153
1154This release of CyaSSL adds increased socket support, for non-blocking writes,
1155connects, and interrupted system calls.
1156
1157See notes below (0.2.0) for complete build instructions.
1158
1159
1160****************CyaSSL version 0.6.3 (10/30/2006)
1161
1162This release of CyaSSL adds debug logging to stderr to aid in the debugging of
1163CyaSSL on systems that may not provide the best support.
1164
1165If CyaSSL is built with debugging support then you need to call
1166CyaSSL_Debugging_ON() to turn logging on.
1167
1168On Unix use ./configure --enable-debug
1169
1170On Windows define DEBUG_CYASSL when building CyaSSL
1171
1172
1173To turn logging back off call CyaSSL_Debugging_OFF()
1174
1175See notes below (0.2.0) for complete build instructions.
1176
1177
1178*****************CyaSSL version 0.6.2 (10/29/2006)
1179
1180This release of CyaSSL adds TLS 1.1.
1181
1182Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
1183To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
1184SSL_VERIFY_NONE. In order to have full security you should never do this;
1185instead, provide CyaSSL with the proper certificates to eliminate impostors and call
1186CyaSSL_check_domain_name() to prevent man in the middle attacks.
1187
1188See notes below (0.2.0) for build instructions.
1189
1190*****************CyaSSL version 0.6.0 (10/25/2006)
1191
1192This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
1193I/O for accept, connect, and read. There is now an --enable-small configure
1194option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in
1195for the defines. Note that TLS requires HMAC and AES requires TLS.
1196
1197See notes below (0.2.0) for build instructions.
1198
1199
1200*****************CyaSSL version 0.5.5 (09/27/2006)
1201
1202This mini release of CyaSSL adds better input processing through buffered input
1203and big message support. Added SSL_pending() and some sanity checks on user
1204settings.
1205
1206See notes below (0.2.0) for build instructions.
1207
1208
1209*****************CyaSSL version 0.5.0 (03/27/2006)
1210
1211This release of CyaSSL adds AES support and minor bug fixes.
1212
1213See notes below (0.2.0) for build instructions.
1214
1215
1216*****************CyaSSL version 0.4.0 (03/15/2006)
1217
1218This release of CyaSSL adds TLSv1 client/server support and libtool.
1219
1220See notes below for build instructions.
1221
1222
1223*****************CyaSSL version 0.3.0 (02/26/2006)
1224
1225This release of CyaSSL adds SSLv3 server support and session resumption.
1226
1227See notes below for build instructions.
1228
1229
1230*****************CyaSSL version 0.2.0 (02/19/2006)
1231
1232
1233This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL
1234is written in ANSI C with the idea of a small code size, footprint, and memory
1235usage in mind. CTaoCrypt can be as small as 32K, and the current client
1236version of CyaSSL can be as small as 12K.
1237
1238
1239The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer
1240Support, RSA, ASN parsing, and basic x509 (en/de)coding.
1241
1242The first release of CyaSSL supports normal client RSA mode SSLv3 connections
1243with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4.
1244
1245
1246--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
1247
1248 ./configure
1249 make
1250
1251 from the ./testsuite/ directory run ./testsuite
1252
1253to make a debug build:
1254
1255 ./configure --enable-debug --disable-shared
1256 make
1257
1258
1259
1260--To build on Win32
1261
1262Choose (Re)Build All from the project workspace
1263
1264Run the testsuite program
1265
1266
1267
1268*** The next release of CyaSSL will support a server and more OpenSSL
1269compatibility functions.
1270
1271
1272Please send questions or comments to todd@wolfssl.com
1273