*** Notes, Please read ***

Note 1)
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
key cipher suites with
    WOLFSSL_STATIC_DH
    WOLFSSL_STATIC_RSA
      or
    WOLFSSL_STATIC_PSK

though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS.

When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites.

Note 2)
wolfSSL takes a different approach to certificate verification than OpenSSL
does. The default policy for the client is to verify the server; this means
that if you don't load CAs to verify the server you'll get a connect error,
no signer error to confirm failure (-188).
If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
verifying the server fails, and reducing security, you can do this by calling:

    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

before calling wolfSSL_new(), though it's not recommended.

*** end Notes ***
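
An added example, not part of the wolfSSL README or source: a small C audit helper that sorts IANA-style TLS cipher suite names into the ephemeral (PFS) and static-key classes of Note 1 and names the build define the README gives for each static class. The function names and the sample list are constructed for illustration; any name the helper does not recognise is reported for manual review.

```c
#include <stdio.h>
#include <string.h>

/* Key-exchange classes that Note 1 distinguishes. */
typedef enum {
    KX_EPHEMERAL,    /* DHE / ECDHE: keeps PFS, needs DH or ECC enabled */
    KX_STATIC_RSA,
    KX_STATIC_ECDH,
    KX_STATIC_PSK,
    KX_UNKNOWN       /* not classified here: review by hand */
} kx_class;

typedef struct { size_t ephemeral, static_kx, unknown; } audit_result;

/* Constructed sample list (IANA names), not a dump of any real build. */
static const char *const SAMPLE_SUITES[] = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
    "TLS_PSK_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA"
};
#define SAMPLE_COUNT (sizeof SAMPLE_SUITES / sizeof SAMPLE_SUITES[0])

static int kx_is(const char *kx, size_t len, const char *token)
{
    return strlen(token) == len && strncmp(kx, token, len) == 0;
}

static int kx_starts(const char *kx, size_t len, const char *prefix)
{
    size_t plen = strlen(prefix);
    return len > plen && strncmp(kx, prefix, plen) == 0;
}

/* Classify by the key-exchange token between "TLS_" and "_WITH_". */
kx_class classify_suite(const char *name)
{
    const char *kx, *with;
    size_t len;

    if (name == NULL || strncmp(name, "TLS_", 4) != 0)
        return KX_UNKNOWN;
    kx = name + 4;
    with = strstr(kx, "_WITH_");
    if (with == NULL || with == kx)
        return KX_UNKNOWN;
    len = (size_t)(with - kx);

    if (kx_starts(kx, len, "DHE_") || kx_starts(kx, len, "ECDHE_"))
        return KX_EPHEMERAL;
    if (kx_is(kx, len, "RSA")) return KX_STATIC_RSA;
    if (kx_is(kx, len, "PSK")) return KX_STATIC_PSK;
    if (kx_is(kx, len, "ECDH_RSA") || kx_is(kx, len, "ECDH_ECDSA"))
        return KX_STATIC_ECDH;
    return KX_UNKNOWN;
}

/* Build define the README names for each static class, NULL otherwise. */
const char *required_define(kx_class c)
{
    switch (c) {
    case KX_STATIC_RSA:  return "WOLFSSL_STATIC_RSA";
    case KX_STATIC_ECDH: return "WOLFSSL_STATIC_DH";
    case KX_STATIC_PSK:  return "WOLFSSL_STATIC_PSK";
    default:             return NULL;
    }
}

/* Tally a configured suite list so static (non-PFS) entries stand out. */
audit_result audit_suites(const char *const *suites, size_t count)
{
    audit_result r = {0, 0, 0};
    size_t i;
    for (i = 0; i < count; i++) {
        kx_class c = classify_suite(suites[i]);
        if (c == KX_EPHEMERAL) r.ephemeral++;
        else if (c == KX_UNKNOWN) r.unknown++;
        else r.static_kx++;
    }
    return r;
}

int main(void)
{
    size_t i;
    audit_result r = audit_suites(SAMPLE_SUITES, SAMPLE_COUNT);
    for (i = 0; i < SAMPLE_COUNT; i++) {
        kx_class c = classify_suite(SAMPLE_SUITES[i]);
        const char *def = required_define(c);
        printf("%-42s %s\n", SAMPLE_SUITES[i],
               c == KX_EPHEMERAL ? "ephemeral (PFS)" :
               def != NULL ? def : "unclassified, review by hand");
    }
    printf("ephemeral=%lu static=%lu unknown=%lu\n", (unsigned long)r.ephemeral,
           (unsigned long)r.static_kx, (unsigned long)r.unknown);
    return r.static_kx == 0 ? 0 : 1;  /* non-zero exit if any suite lacks PFS */
}
```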

********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)

Release 3.7.0 of wolfSSL has bug fixes and new features including:

- ALPN extension support added for HTTP2 connections with --enable-alpn
- Change of example/client/client max fragment flag -L -> -F
- Throughput benchmarking, added scripts/benchmark.test
- Sniffer API ssl_FreeDecodeBuffer added
- Addition of AES_GCM to Sniffer
- Sniffer change to handle unlimited decrypt buffer size
- New option for the sniffer where it will try to pick up decoding after a
  sequence number acknowledgement fault. Also includes some additional stats.
- JNI API setter and getter function for jobject added
- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto
- fix to asn configuration bug
- AES-GCM/CCM fixes.
- Port for Rowley added
- Rowley Crossworks bare metal examples added
- MDK5-ARM project update
- FreeRTOS support updates.
- VXWorks support updates.
- Added the IDEA cipher and support in wolfSSL.
- Update wolfSSL website CA.
- CFLAGS is usable when configuring source.

- No high level security fixes that require an update, though we always
  recommend updating to the latest

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html

********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015)

Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also
includes bug fixes and new features including:

- Two High level security fixes, all users SHOULD update.
  a) If using wolfSSL for DTLS on the server side of a publicly accessible
     machine you MUST update.
  b) If using wolfSSL for TLS on the server side with private RSA keys allowing
     ephemeral key exchange without low memory optimizations you MUST update and
     regenerate the private RSA keys.

  Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details

- No filesystem build fixes for various configurations
- Certificate generation now supports several extensions including KeyUsage,
  SKID, AKID, and Certificate Policies
- CRLs can be loaded from buffers as well as files now
- SHA-512 Certificate Signing generation
- Fixes for sniffer reassembly processing

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html

********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)

Release 3.6.6 of wolfSSL has bug fixes and new features including:

- OpenSSH compatibility with --enable-openssh
- stunnel compatibility with --enable-stunnel
- lighttpd compatibility with --enable-lighty
- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
- Ephemeral key cipher suites only are now supported by default
    To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
    To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
    To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
- Added QSH (quantum-safe handshake) extension with --enable-ntru
- SRP is now part of wolfCrypt, enable with --enable-srp
- Certificate handshake messages can now be sent fragmented if the record
  size is smaller than the total message size, no user action required.
- DTLS duplicate message fixes
- Visual Studio project files now support DLL and static builds for 32/64bit.
- Support for new Freescale I/O
- FreeRTOS FIPS support

- No high level security fixes that require an update, though we always
  recommend updating to the latest

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html

**************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)

Release 3.6.0 of wolfSSL has bug fixes and new features including:

- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
  Forward Secrecy), enabled with --enable-maxstrength
- Server side session ticket support, the example server and echoserver use the
  example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
- FIPS version submitted for iOS.
- TI Crypto Hardware Acceleration
- DTLS fragmentation fixes
- ECC key check validation with wc_ecc_check_key()
- 32bit code options to reduce memory for Curve25519 and Ed25519
- wolfSSL JNI build switch with --enable-jni
- PicoTCP support improvements
- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
- KEEP_PEER_CERT and AltNames can now be used together
- ChaCha20 big endian fix
- SHA-512 signature algorithm support for key exchange and verify messages
- ECC make key crash fix on RNG failure, ECC users must update.
- Improvements to usage of time code.
- Improvements to VS solution files.
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
  add -fdebug-types-section to C_EXTRA_FLAGS

- No high level security fixes that require an update, though we always
  recommend updating to the latest (except note 14, ecc RNG failure)

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html


***************** wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)

Release 3.4.6 of wolfSSL has bug fixes and new features including:

- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2,
  rorx, mulx, adox, adcx. They can be enabled with --enable-intelasm.
  These speed up the use of RNG, SHA2, and public key algorithms.
- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples
  in wolfcrypt/test/test.c ed25519_test().
- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes
  of memory per secure connection including cipher state.
- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and
  ctaocrypt headers which will enable the compatibility APIs for the
  foreseeable future
- INSTALL file to help direct users to build instructions for their environment
- For ECC users with the normal math library a fix that prevents a crash when
  verify signature fails. Users of 3.4.0 with ECC and the normal math library
  must update
- RC4 is now disabled by default in autoconf mode
- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers
  available without a switch
- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution
- DHE-PSK cipher suites can now be built without ASN or Cert support
- Fix some NO MD5 build issues with optional features
- Freescale CodeWarrior project updates
- ECC curves can be individually turned on/off at build time.
- Sniffer handles Cert Status message and other minor fixes
- SetMinVersion() at the wolfSSL Context level instead of just SSL session level
  to allow minimum protocol version allowed at runtime
- RNG failure resource cleanup fix

- No high level security fixes that require an update, though we always
  recommend updating to the latest (except note 6 use case of ecc/normal math)

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html


***************** wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015)

Release 3.4.0 wolfSSL has bug fixes and new features including:

- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt
  headers which will enable the compatibility APIs for the foreseeable future
- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
- Example use of the wolfSSL API can be found in examples/client/client.c
- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
- Improvements in the build configuration under AIX
- Microchip Pic32 MZ updates
- TIRTOS updates
- PowerPC updates
- Xcode project update
- Bidirectional shutdown examples in client/server with -w (wait for full
  shutdown) option
- Cycle counts on benchmarks for x86_64, more coming soon
- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA
  keys
- Various compile warnings
- Scan-build warning fixes
- Changed a memcpy to memmove in the sniffer (if using sniffer please update)
- No high level security fixes that require an update, though we always
  recommend updating to the latest


*********** CyaSSL Release 3.3.0 (12/05/2014)

- Countermeasures for Handshake message duplicates, CHANGE CIPHER without
  FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from
  the Prosecco team at INRIA Paris-Rocquencourt for the report.
- FIPS version submitted
- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
- User can set minimum downgrade version with CyaSSL_SetMinVersion()
- Small stack improvements at TLS/SSL layer
- TLS Master Secret generation and Key Expansion are now exposed
- Adds client side Secure Renegotiation, * not recommended *
- Client side session ticket support, not fully tested with Secure Renegotiation
- Allows up to 4096bit DHE at TLS Key Exchange layer
- Handles non standard SessionID sizes in Hello Messages
- PicoTCP Support
- Sniffer now supports SNI Virtual Hosts
- Sniffer now handles non HTTPS protocols using STARTTLS
- Sniffer can now parse records with multiple messages
- TI-RTOS updates
- Fix for ColdFire optimized fp_digit read only in explicit 32bit case
- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


*********** CyaSSL Release 3.2.0 (09/10/2014)

Release 3.2.0 CyaSSL has bug fixes and new features including:

- ChaCha20 and Poly1305 crypto and suites
- Small stack improvements for OCSP, CRL, TLS, DTLS
- NTRU Encrypt and Decrypt benchmarks
- Updated Visual Studio project files
- Updated Keil MDK5 project files
- Fix for DTLS sequence numbers with GCM/CCM
- Updated HashDRBG with more secure struct declaration
- TI-RTOS support and example Code Composer Studio project files
- Ability to get enabled cipher suites, CyaSSL_get_ciphers()
- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU
- Sniffer improvement checking for decrypt key setup
- Support for raw ECC key import
- Ability to convert ecc_key to DER, EccKeyToDer()
- Security fix for RSA Padding check vulnerability reported by Intel Security
  Advanced Threat Research team

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 3.1.0 (07/14/2014)

Release 3.1.0 CyaSSL has bug fixes and new features including:

- Fix for older versions of icc without 128-bit type
- Intel ASM syntax for AES-NI
- Updated NTRU support, keygen benchmark
- FIPS check for minimum required HMAC key length
- Small stack (--enable-smallstack) improvements for PKCS#7, ASN
- TLS extension support for DTLS
- Default I/O callbacks external to user
- Updated example client with bad clock test
- Ability to set optional ECC context info
- Ability to enable/disable DH separate from opensslextra
- Additional test key/cert buffers for CA and server
- Updated example certificates

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 3.0.2 (05/30/2014)

Release 3.0.2 CyaSSL has bug fixes and new features including:

- Added the following cipher suites:
    * TLS_PSK_WITH_AES_128_GCM_SHA256
    * TLS_PSK_WITH_AES_256_GCM_SHA384
    * TLS_PSK_WITH_AES_256_CBC_SHA384
    * TLS_PSK_WITH_NULL_SHA384
    * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
    * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
    * TLS_DHE_PSK_WITH_NULL_SHA256
    * TLS_DHE_PSK_WITH_NULL_SHA384
    * TLS_DHE_PSK_WITH_AES_128_CCM
    * TLS_DHE_PSK_WITH_AES_256_CCM
- Added AES-NI support for Microsoft Visual Studio builds.
- Changed small stack build to be disabled by default.
- Updated the Hash DRBG and provided a configure option to enable.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 3.0.0 (04/29/2014)

Release 3.0.0 CyaSSL has bug fixes and new features including:

- FIPS release candidate
- X.509 improvements that address items reported by Suman Jana with security
  researchers at UT Austin and UC Davis
- Small stack size improvements, --enable-smallstack. Offloads large local
  variables to the heap. (Note this is not complete.)
- Updated AES-CCM-8 cipher suites to use approved suite numbers.

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 2.9.4 (04/09/2014)

Release 2.9.4 CyaSSL has bug fixes and new features including:

- Security fixes that address items reported by Ivan Fratric of the Google
  Security Team
- X.509 Unknown critical extensions treated as errors, report by Suman Jana with
  security researchers at UT Austin and UC Davis
- Sniffer fixes for corrupted packet length and Jumbo frames
- ARM thumb mode assembly fixes
- Xcode 5.1 support including new clang
- PIC32 MZ hardware support
- CyaSSL Object has enough room to read the Record Header now w/o allocs
- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA.
- A sample I/O pool is demonstrated with --enable-iopool to overtake memory
  handling and reduce memory fragmentation on I/O large sizes

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************ CyaSSL Release 2.9.0 (02/07/2014)

Release 2.9.0 CyaSSL has bug fixes and new features including:
- Freescale Kinetis RNGB support
- Freescale Kinetis mmCAU support
- TLS Hello extensions
- ECC
- Secure Renegotiation (null)
- Truncated HMAC
- SCEP support
- PKCS #7 Enveloped data and signed data
- PKCS #10 Certificate Signing Request generation
- DTLS sliding window
- OCSP Improvements
- API change to integrate into Certificate Manager
- IPv4/IPv6 agnostic
- example client/server support for OCSP
- OCSP nonces are optional
- GMAC hashing
- Windows build additions
- Windows CYGWIN build fixes
- Updated test certificates
- Microchip MPLAB Harmony support
- Update autoconf scripts
- Additional X.509 inspection functions
- ECC encrypt/decrypt primitives
- ECC Certificate generation

The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
K53 Sub-Family Reference Manual:
http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf

Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation
can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library
User Guide":
http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf


***************** CyaSSL Release 2.8.0 (8/30/2013)

Release 2.8.0 CyaSSL has bug fixes and new features including:
- AES-GCM and AES-CCM use AES-NI
- NetX default IO callback handlers
- IPv6 fixes for DTLS Hello Cookies
- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
- SEP certificate extensions
- Callback getters for easier resource freeing
- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
- Public Key Callbacks for ECC and RSA
- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2


The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


***************** CyaSSL Release 2.7.0 (6/17/2013)

Release 2.7.0 CyaSSL has bug fixes and new features including:
- SNI support for client and server
- KEIL MDK-ARM projects
- Wildcard check to domain name match, and Subject altnames are checked too
- Better error messages for certificate verification errors
- Ability to discard session during handshake verify
- More consistent error returns across all APIs
- Ability to unload CAs at the CTX or CertManager level
- Authority subject id support for Certificate matching
- Persistent session cache functionality
- Persistent CA cache functionality
- Client session table lookups to push serverID table to library level
- Camellia support to sniffer
- User controllable settings for DTLS timeout values
- Sniffer fixes for caching long lived sessions
- DTLS reliability enhancements for the handshake
- Better ThreadX support

When compiling with Mingw, libtool may give the following warning due to
path conversion errors:

libtool: link: Could not determine host file name corresponding to **
libtool: link: Continuing, but uninstalled executables may not work.

If so, examples and testsuite will have problems when run, showing an
error while loading shared libraries. To resolve, please run "make install".

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


************** CyaSSL Release 2.6.0 (04/15/2013)

Release 2.6.0 CyaSSL has bug fixes and new features including:
- DTLS 1.2 support including AEAD ciphers
- SHA-3 finalist Blake2 support, it's fast and uses little resources
- SHA-384 cipher suites including ECC ones
- HMAC now supports SHA-512
- Track memory use for example client/server with -t option
- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
  turned on, localhost only was used. Now link-local (with scope ids) and ipv6
  hosts can be used as well.
- Xcode v4.6 project for iOS v6.1 update
- settings.h is now checked in all *.c files for true one file setting detection
- Better alignment at SSL layer for hardware crypto alignment needs
    * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
      13 bytes DTLS headers, but every effort is now made to align with the
      CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
- NO_64BIT flag to turn off 64bit data type accumulators in public key code
    * Note, some systems are faster with 32bit accumulators
- --enable-stacksize for example client/server stack use
    * Note, modern desktop Operating Systems may add bytes to each stack frame
- Updated compression/decompression with direct crypto access
- All ./configure options are now lowercase only for consistency
- ./configure builds default to fastmath option
    * Note, if on ia32 and building in shared mode this may produce a problem
      with a missing register being available because of PIC, there are at least
      6 solutions to this:
      1) --disable-fastmath , don't use fastmath
      2) --disable-shared, don't build a shared library
      3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
      4) use clang, it just seems to work
      5) play around with no PIC options to force all registers being open,
         e.g, --without-pic
      6) if static lib is still a problem try removing fPIE
- Many new ./configure switches for option enable/disable for example
    * rsa
    * dh
    * dsa
    * md5
    * sha
    * arc4
    * null (allow NULL ciphers)
    * oldtls (only use TLS 1.2)
    * asn (no certs or public keys allowed)
- ./configure generates cyassl/options.h which allows a header the user can
  include in their app to make sure the same options are set at the app and
  CyaSSL level.
- autoconf no longer needs serial-tests which lowers version requirements of
  automake to 1.11 and autoconf to 2.63

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



************** CyaSSL Release 2.5.0 (02/04/2013)

Release 2.5.0 CyaSSL has bug fixes and new features including:
- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
  Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
- Microchip PIC32 (MIPS16, MIPS32) support
- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
- Updated CTaoCrypt benchmark app for embedded systems
- 1024-bit test certs/keys and cert/key buffers
- AES-CCM-8 crypto and cipher suites
- Camellia crypto and cipher suites
- Bumped minimum autoconf version to 2.65, automake version to 1.12
- Addition of OCSP callbacks
- STM32F2 support with hardware crypto and RNG
- Cavium NITROX support

CTaoCrypt now has support for the Microchip PIC32 and has been tested with
the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
located under the <cyassl_root>/mplabx directory for more details.

To add Cavium NITROX support do:

    ./configure --with-cavium=/home/user/cavium/software

pointing to your licensed cavium/software directory. Since Cavium doesn't
build a library we pull in the cavium_common.o file which gives a libtool
warning about the portability of this. Also, if you're using the github source
tree you'll need to remove the -Wredundant-decls warning from the generated
Makefile because the cavium headers don't conform to this warning. Currently
CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
layer. Support at the SSL level is partial and currently just does AES, 3DES,
and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non
blocking mode. The example client turns on cavium support as does the crypto
test and benchmark. Please see the HAVE_CAVIUM define.

CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
generator through the STM32F2 Standard Peripheral Library. For necessary
defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
STM32F2 Standard Peripheral Library can be found in the following document:
http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.



*************** CyaSSL Release 2.4.6 (12/20/2012)

Release 2.4.6 CyaSSL has bug fixes and a few new features including:
- ECC into main version
- Lean PSK build (reduced code size, RAM usage, and stack usage)
- FreeBSD CRL monitor support
- CyaSSL_peek()
- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
- CodeWarrior Support
- MQX Support
- Freescale Kinetis support including Hardware RNG
- autoconf builds use jobserver
- cyassl-config
- Sniffer memory reductions

Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
warning system, and general good ideas for improving CyaSSL!

The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
K70 Sub-Family Reference Manual:
http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf

The CyaSSL manual is available at:
http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.


| 574 | *************** CyaSSL Release 2.4.0 (10/10/2012)
|
---|
| 575 |
|
---|
| 576 | Release 2.4.0 CyaSSL has bug fixes and a few new features including:
|
---|
| 577 | - DTLS reliability
|
---|
| 578 | - Reduced memory usage after handshake
|
---|
| 579 | - Updated build process
|
---|
| 580 |
|
---|
| 581 | The CyaSSL manual is available at:
|
---|
| 582 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 583 | and comments about the new features please check the manual.
|
---|
| 584 |
|
---|
| 585 |
|
---|
| 586 |
|
---|
| 587 | *************** CyaSSL Release 2.3.0 (8/10/2012)
|
---|
| 588 |
|
---|
| 589 | Release 2.3.0 CyaSSL has bug fixes and a few new features including:
|
---|
| 590 | - AES-GCM crypto and cipher suites
|
---|
| 591 | - make test cipher suite checks
|
---|
| 592 | - Subject AltName processing
|
---|
| 593 | - Command line support for client/server examples
|
---|
| 594 | - Sniffer SessionTicket support
|
---|
| 595 | - SHA-384 cipher suites
|
---|
| 596 | - Verify cipher suite validity when user overrides
|
---|
| 597 | - CRL dir monitoring
|
---|
| 598 | - DTLS Cookie support, reliability coming soon
|
---|
| 599 |
|
---|
| 600 | The CyaSSL manual is available at:
|
---|
| 601 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 602 | and comments about the new features please check the manual.
|
---|
| 603 |
|
---|
| 604 |
|
---|
| 605 |
|
---|
| 606 | ***************CyaSSL Release 2.2.0 (5/18/2012)
|
---|
| 607 |
|
---|
| 608 | Release 2.2.0 CyaSSL has bug fixes and a few new features including:
|
---|
| 609 | - Initial CRL support (--enable-crl)
|
---|
| 610 | - Initial OCSP support (--enable-ocsp)
|
---|
| 611 | - Add static ECDH suites
|
---|
| 612 | - SHA-384 support
|
---|
| 613 | - ECC client certificate support
|
---|
| 614 | - Add medium session cache size (1055 sessions)
|
---|
| 615 | - Updated unit tests
|
---|
| 616 | - Protection against mutex reinitialization
|
---|
| 617 |
|
---|
| 618 |
|
---|
| 619 | The CyaSSL manual is available at:
|
---|
| 620 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 621 | and comments about the new features please check the manual.
|
---|
| 622 |
|
---|
| 623 |
|
---|
| 624 |
|
---|
| 625 | ***************CyaSSL Release 2.0.8 (2/24/2012)
|
---|
| 626 |
|
---|
| 627 | Release 2.0.8 CyaSSL has bug fixes and a few new features including:
|
---|
| 628 | - A fix for malicious certificates pointed out by Remi Gacogne (thanks)
|
---|
| 629 | resulting in NULL pointer use.
|
---|
| 630 | - Respond to renegotiation attempt with no_renegotiation alert
|
---|
| 631 | - Add basic path support for load_verify_locations()
|
---|
| 632 | - Add set Temp EC-DHE key size
|
---|
| 633 | - Extra checks on rsa test when porting into
|
---|
| 634 |
|
---|
| 635 |
|
---|
| 636 | The CyaSSL manual is available at:
|
---|
| 637 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 638 | and comments about the new features please check the manual.
|
---|
| 639 |
|
---|
| 640 |
|
---|
| 641 |
|
---|
| 642 | ************* CyaSSL Release 2.0.6 (1/27/2012)
|
---|
| 643 |
|
---|
| 644 | Release 2.0.6 CyaSSL has bug fixes and a few new features including:
|
---|
| 645 | - Fixes for CA basic constraint check
|
---|
| 646 | - CTX reference counting
|
---|
| 647 | - Initial unit test additions
|
---|
| 648 | - Lean and Mean Windows fix
|
---|
| 649 | - ECC benchmarking
|
---|
| 650 | - SSMTP build support
|
---|
| 651 | - Ability to group handshake messages with set_group_messages(ctx/ssl)
|
---|
| 652 | - CA cache addition callback
|
---|
| 653 | - Export Base64_Encode for general use
|
---|
| 654 |
|
---|
| 655 | The CyaSSL manual is available at:
|
---|
| 656 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 657 | and comments about the new features please check the manual.
|
---|
| 658 |
|
---|
| 659 |
|
---|
| 660 |
|
---|
| 661 | ************* CyaSSL Release 2.0.2 (12/05/2011)
|
---|
| 662 |
|
---|
| 663 | Release 2.0.2 CyaSSL has bug fixes and a few new features including:
|
---|
| 664 | - CTaoCrypt Runtime library detection settings when directly using the crypto
|
---|
| 665 | library
|
---|
| 666 | - Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
|
---|
| 667 | - All test certificates now use 2048bit and SHA-1 for better modern browser
|
---|
| 668 | support
|
---|
| 669 | - Direct AES block access and AES-CTR (counter) mode
|
---|
| 670 | - Microchip pic32 support
|
---|
| 671 |
|
---|
| 672 | The CyaSSL manual is available at:
|
---|
| 673 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 674 | and comments about the new features please check the manual.
|
---|
| 675 |
|
---|
| 676 |
|
---|
| 677 |
|
---|
| 678 | ************* CyaSSL Release 2.0.0rc3 (9/28/2011)
|
---|
| 679 |
|
---|
| 680 | Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
|
---|
| 681 | - updated autoconf support
|
---|
| 682 | - better make install and uninstall (uses system directories)
|
---|
| 683 | - make test / make check
|
---|
| 684 | - CyaSSL headers now in <cyassl/*.h>
|
---|
| 685 | - CTaoCrypt headers now in <cyassl/ctaocrypt/*.h>
|
---|
| 686 | - OpenSSL compatibility headers now in <cyassl/openssl/*.h>
|
---|
| 687 | - examples and tests all run from home directory so can use certs in ./certs
|
---|
| 688 | (see note 1)
|
---|
| 689 |
|
---|
| 690 | So previous applications that used the OpenSSL compatibility header
|
---|
| 691 | <openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
|
---|
| 692 | changes are required.
|
---|
| 693 |
|
---|
| 694 | Special Thanks to Brian Aker for his autoconf, install, and header patches.
|
---|
| 695 |
|
---|
| 696 | The CyaSSL manual is available at:
|
---|
| 697 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 698 | and comments about the new features please check the manual.
|
---|
| 699 |
|
---|
| 700 | ************CyaSSL Release 2.0.0rc2 (6/6/2011)
|
---|
| 701 |
|
---|
| 702 | Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
|
---|
| 703 | - bug fixes (Alerts, DTLS with DHE)
|
---|
| 704 | - FreeRTOS support
|
---|
| 705 | - lwIP support
|
---|
| 706 | - Wshadow warnings removed
|
---|
| 707 | - asn public header
|
---|
| 708 | - CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
|
---|
| 709 | updated to reflect this change)
|
---|
| 710 | - and more.
|
---|
| 711 |
|
---|
| 712 | This is the 2nd and perhaps final release candidate for version 2.
|
---|
| 713 | Please send any comments or questions to support@wolfssl.com.
|
---|
| 714 |
|
---|
| 715 | The CyaSSL manual is available at:
|
---|
| 716 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 717 | and comments about the new features please check the manual.
|
---|
| 718 |
|
---|
| 719 | ***********CyaSSL Release 2.0.0rc1 (5/2/2011)
|
---|
| 720 |
|
---|
| 721 | Release 2.0.0rc1 for CyaSSL has many new features including:
|
---|
| 722 | - bug fixes
|
---|
| 723 | - SHA-256 cipher suites
|
---|
| 724 | - Root Certificate Verification (instead of needing all certs in the chain)
|
---|
| 725 | - PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
|
---|
| 726 | - Serial number retrieval for x509
|
---|
| 727 | - PBKDF2 and PKCS #12 PBKDF
|
---|
| 728 | - UID parsing for x509
|
---|
| 729 | - SHA-256 certificate signatures
|
---|
| 730 | - Client and server can send chains (SSL_CTX_use_certificate_chain_file)
|
---|
| 731 | - CA loading can now parse multiple certificates per file
|
---|
| 732 | - Dynamic memory runtime hooks
|
---|
| 733 | - Runtime hooks for logging
|
---|
| 734 | - EDH on server side
|
---|
| 735 | - More informative error codes
|
---|
| 736 | - More informative logging messages
|
---|
| 737 | - Version downgrade more robust (use SSL_v23*)
|
---|
| 738 | - Shared build only by default through ./configure
|
---|
| 739 | - Compiler visibility is now used, internal functions not polluting namespace
|
---|
| 740 | - Single Makefile, no recursion, for faster and simpler building
|
---|
| 741 | - Turn on all warnings possible build option, warning fixes
|
---|
| 742 | - and more.
|
---|
| 743 |
|
---|
| 744 | Because of all the new features and the multiple OS, compiler, feature-set
|
---|
| 745 | options that CyaSSL allows, there may be some configuration fixes needed.
|
---|
| 746 | Please send any comments or questions to support@wolfssl.com.
|
---|
| 747 |
|
---|
| 748 | The CyaSSL manual is available at:
|
---|
| 749 | http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
|
---|
| 750 | and comments about the new features please check the manual.
|
---|
| 751 |
|
---|
| 752 | ****************** CyaSSL Release 1.9.0 (3/2/2011)
|
---|
| 753 |
|
---|
| 754 | Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
|
---|
| 755 | better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
|
---|
| 756 | improper AES key setup detection, user cert verify callback improvements, and
|
---|
| 757 | more.
|
---|
| 758 |
|
---|
| 759 | The CyaSSL manual offering is included in the doc/ directory. For build
|
---|
| 760 | instructions and comments about the new features please check the manual.
|
---|
| 761 |
|
---|
| 762 | Please send any comments or questions to support@wolfssl.com.
|
---|
| 763 |
|
---|
| 764 | ****************** CyaSSL Release 1.8.0 (12/23/2010)
|
---|
| 765 |
|
---|
| 766 | Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
|
---|
| 767 | generation, a C standard library abstraction layer, lower memory use, increased
|
---|
| 768 | portability through the os_settings.h file, and the ability to use NTRU cipher
|
---|
| 769 | suites when used in conjunction with an NTRU license and library.
|
---|
| 770 |
|
---|
| 771 | The initial CyaSSL manual offering is included in the doc/ directory. For
|
---|
| 772 | build instructions and comments about the new features please check the manual.
|
---|
| 773 |
|
---|
| 774 | Please send any comments or questions to support@wolfssl.com.
|
---|
| 775 |
|
---|
| 776 | Happy Holidays.
|
---|
| 777 |
|
---|
| 778 |
|
---|
| 779 | ********************* CyaSSL Release 1.6.5 (9/9/2010)
|
---|
| 780 |
|
---|
| 781 | Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
|
---|
| 782 | generation.
|
---|
| 783 |
|
---|
| 784 | For general build instructions see doc/Building_CyaSSL.pdf.
|
---|
| 785 |
|
---|
| 786 | To enable certificate generation support add this option to ./configure
|
---|
| 787 | ./configure --enable-certgen
|
---|
| 788 |
|
---|
| 789 | An example is included in ctaocrypt/test/test.c and documentation is provided
|
---|
| 790 | in doc/CyaSSL_Extensions_Reference.pdf item 11.
|
---|
| 791 |
|
---|
| 792 | ********************** CyaSSL Release 1.6.0 (8/27/2010)
|
---|
| 793 |
|
---|
| 794 | Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
|
---|
| 795 | generation.
|
---|
| 796 |
|
---|
| 797 | For general build instructions see doc/Building_CyaSSL.pdf.
|
---|
| 798 |
|
---|
| 799 | To add RIPEMD-160 support add this option to ./configure
|
---|
| 800 | ./configure --enable-ripemd
|
---|
| 801 |
|
---|
| 802 | To add SHA-512 support add this option to ./configure
|
---|
| 803 | ./configure --enable-sha512
|
---|
| 804 |
|
---|
| 805 | To add RSA key generation support add this option to ./configure
|
---|
| 806 | ./configure --enable-keygen
|
---|
| 807 |
|
---|
| 808 | Please see ctaocrypt/test/test.c for examples and usage.
|
---|
| 809 |
|
---|
| 810 | For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
|
---|
| 811 | off by default. To turn key generation on add the define CYASSL_KEY_GEN to
|
---|
| 812 | CyaSSL.
|
---|
| 813 |
|
---|
| 814 |
|
---|
| 815 | ************* CyaSSL Release 1.5.6 (7/28/2010)
|
---|
| 816 |
|
---|
| 817 | Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
|
---|
| 818 | and a fix for GCC builds on some systems.
|
---|
| 819 |
|
---|
| 820 | For general build instructions see doc/Building_CyaSSL.pdf.
|
---|
| 821 |
|
---|
| 822 | To add AES-NI support add this option to ./configure
|
---|
| 823 | ./configure --enable-aesni
|
---|
| 824 |
|
---|
| 825 | You'll need GCC 4.4.3 or later to make use of the assembly.
|
---|
| 826 |
|
---|
| 827 | ************** CyaSSL Release 1.5.4 (7/7/2010)
|
---|
| 828 |
|
---|
| 829 | Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
|
---|
| 830 | improvements from loop unrolling, and support for the Mongoose Web Server.
|
---|
| 831 |
|
---|
| 832 | For general build instructions see doc/Building_CyaSSL.pdf.
|
---|
| 833 |
|
---|
| 834 | To add AES-NI support add this option to ./configure
|
---|
| 835 | ./configure --enable-aesni
|
---|
| 836 |
|
---|
| 837 | You'll need GCC 4.4.3 or later to make use of the assembly.
|
---|
| 838 |
|
---|
| 839 | *************** CyaSSL Release 1.5.0 (5/11/2010)
|
---|
| 840 |
|
---|
| 841 | Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
|
---|
| 842 | support, and initial swig interface support.
|
---|
| 843 |
|
---|
| 844 | For general build instructions see doc/Building_CyaSSL.pdf.
|
---|
| 845 |
|
---|
| 846 | To add support for GoAhead WebServer either --enable-opensslExtra or if you
|
---|
| 847 | don't want all the features of opensslExtra you can just define GOAHEAD_WS
|
---|
| 848 | instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
|
---|
| 849 | you can define it yourself.
|
---|
| 850 |
|
---|
| 851 | To look at the sniffer support please see the sniffertest app in
|
---|
| 852 | sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
|
---|
| 853 | vcproj files on windows. You'll need to have pcap installed on *nix and
|
---|
| 854 | WinPcap on windows.
|
---|
| 855 |
|
---|
| 856 | A swig interface file is now located in the swig directory for using Python,
|
---|
| 857 | Java, Perl, and others with CyaSSL. This is initial support and experimental,
|
---|
| 858 | please send questions or comments to support@wolfssl.com.
|
---|
| 859 |
|
---|
| 860 | When doing load testing with CyaSSL, on the echoserver example say, the client
|
---|
| 861 | machine may run out of TCP ephemeral ports because they end up in the TIME_WAIT
|
---|
| 862 | queue, and can't be reused by default. There are generally two ways to fix
|
---|
| 863 | this. 1) Reduce the length of time sockets remain on the TIME_WAIT queue or 2) Allow
|
---|
| 864 | items on the TIME_WAIT queue to be reused.
|
---|
| 865 |
|
---|
| 866 |
|
---|
| 867 | To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds)
|
---|
| 868 |
|
---|
| 869 | sudo sysctl -w net.inet.tcp.msl=3000
|
---|
| 870 |
|
---|
| 871 | In Linux
|
---|
| 872 |
|
---|
| 873 | sudo sysctl -w net.ipv4.tcp_tw_reuse=1
|
---|
| 874 |
|
---|
| 875 | allows reuse of sockets in TIME_WAIT
|
---|
| 876 |
|
---|
| 877 | sudo sysctl -w net.ipv4.tcp_tw_recycle=1
|
---|
| 878 |
|
---|
| 879 | works but seems to remove sockets from TIME_WAIT entirely?
|
---|
| 880 |
|
---|
| 881 | sudo sysctl -w net.ipv4.tcp_fin_timeout=1
|
---|
| 882 |
|
---|
| 883 | doesn't control TIME_WAIT; it controls FIN_WAIT(2), contrary to some posts
|
---|
| 884 |
|
---|
| 885 |
|
---|
| 886 | ******************** CyaSSL Release 1.4.0 (2/18/2010)
|
---|
| 887 |
|
---|
| 888 | Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support
|
---|
| 889 | through SSLv23_server_method(), and improved documentation in the doc/ folder.
|
---|
| 890 |
|
---|
| 891 | For general build instructions see doc/Building_CyaSSL.pdf.
|
---|
| 892 |
|
---|
| 893 | ******************** CyaSSL Release 1.3.0 (1/21/2010)
|
---|
| 894 |
|
---|
| 895 | Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix,
|
---|
| 896 | better porting support, removal of assert()s, and a complete THREADX port.
|
---|
| 897 |
|
---|
| 898 | For general build instructions see rc1 below.
|
---|
| 899 |
|
---|
| 900 | ******************** CyaSSL Release 1.2.0 (11/2/2009)
|
---|
| 901 |
|
---|
| 902 | Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is
|
---|
| 903 | read or write.
|
---|
| 904 |
|
---|
| 905 | For general build instructions see rc1 below.
|
---|
| 906 |
|
---|
| 907 | ******************** CyaSSL Release 1.1.0 (9/2/2009)
|
---|
| 908 |
|
---|
| 909 | Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session
|
---|
| 910 | cache use, support for lighttpd, and TLS 1.2.
|
---|
| 911 |
|
---|
| 912 | To get TLS 1.2 support please use the client and server functions:
|
---|
| 913 |
|
---|
| 914 | SSL_METHOD *TLSv1_2_server_method(void);
|
---|
| 915 | SSL_METHOD *TLSv1_2_client_method(void);
|
---|
| 916 |
|
---|
| 917 | CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with
|
---|
| 918 | lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>:
|
---|
| 919 |
|
---|
| 920 | ./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib
|
---|
| 921 |
|
---|
| 922 | make
|
---|
| 923 | make openssl-links
|
---|
| 924 |
|
---|
| 925 | Then to build lighttpd with CyaSSL use the following commands from the
|
---|
| 926 | lighttpd install dir:
|
---|
| 927 |
|
---|
| 928 | ./configure --with-openssl --with-openssl-includes=<CyaSSLDir>/include --with-openssl-libs=<CyaSSLDir>/lib LDFLAGS=-lm
|
---|
| 929 |
|
---|
| 930 | make
|
---|
| 931 |
|
---|
| 932 | On some systems you may get a linker error about a duplicate symbol for
|
---|
| 933 | MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file
|
---|
| 934 | md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o.
|
---|
| 935 | When liblightcomp is linked with the SSL_LIBs the linker may complain about
|
---|
| 936 | the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c
|
---|
| 937 | and adding this line to the beginning of the file:
|
---|
| 938 |
|
---|
| 939 | #if 0
|
---|
| 940 |
|
---|
| 941 | and this line to the end of the file
|
---|
| 942 |
|
---|
| 943 | #endif
|
---|
| 944 |
|
---|
| 945 | Then from the lighttpd src dir do a:
|
---|
| 946 |
|
---|
| 947 | make clean
|
---|
| 948 | make
|
---|
| 949 |
|
---|
| 950 |
|
---|
| 951 | If you get link errors about undefined symbols more than likely the actual
|
---|
| 952 | OpenSSL libraries are found by the linker before the CyaSSL openssl-links that
|
---|
| 953 | point to the CyaSSL library, causing the linker confusion. This can be fixed
|
---|
| 954 | by editing the Makefile in the lighttpd src directory and changing the line:
|
---|
| 955 |
|
---|
| 956 | SSL_LIB = -lssl -lcrypto
|
---|
| 957 |
|
---|
| 958 | to
|
---|
| 959 |
|
---|
| 960 | SSL_LIB = -lcyassl
|
---|
| 961 |
|
---|
| 962 | Then from the lighttpd src dir do a:
|
---|
| 963 |
|
---|
| 964 | make clean
|
---|
| 965 | make
|
---|
| 966 |
|
---|
| 967 | This should remove any confusion the linker may be having with missing symbols.
|
---|
| 968 |
|
---|
| 969 | For any questions or concerns please contact support@wolfssl.com .
|
---|
| 970 |
|
---|
| 971 | For general build instructions see rc1 below.
|
---|
| 972 |
|
---|
| 973 | ******************CyaSSL Release 1.0.6 (8/03/2009)
|
---|
| 974 |
|
---|
| 975 | Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster
|
---|
| 976 | math with a huge code option.
|
---|
| 977 |
|
---|
| 978 | The session cache now defaults to a client mode, also good for embedded servers.
|
---|
| 979 | For servers not under heavy load (less than 200 new sessions per minute), define
|
---|
| 980 | BIG_SESSION_CACHE. If the server will be under heavy load, define
|
---|
| 981 | HUGE_SESSION_CACHE.
|
---|
| 982 |
|
---|
| 983 | There is now a fasthugemath option for configure. This enables fastmath plus
|
---|
| 984 | even faster math by greatly increasing the code size of the math library. Use
|
---|
| 985 | the benchmark utility to compare public key operations.
|
---|
| 986 |
|
---|
| 987 |
|
---|
| 988 | For general build instructions see rc1 below.
|
---|
| 989 |
|
---|
| 990 | ******************CyaSSL Release 1.0.3 (5/10/2009)
|
---|
| 991 |
|
---|
| 992 | Release 1.0.3 for CyaSSL adds bug fixes and increased support for OpenSSL
|
---|
| 993 | compatibility when building other applications.
|
---|
| 994 |
|
---|
| 995 | Release 1.0.3 includes an alpha release of DTLS for both client and servers.
|
---|
| 996 | This is only for testing purposes at this time. Rebroadcast and reordering
|
---|
| 997 | aren't fully implemented at this time but will be for the next release.
|
---|
| 998 |
|
---|
| 999 | For general build instructions see rc1 below.
|
---|
| 1000 |
|
---|
| 1001 | ******************CyaSSL Release 1.0.2 (4/3/2009)
|
---|
| 1002 |
|
---|
| 1003 | Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems
|
---|
| 1004 | will send a SIGPIPE on socket recv() at any time and this should be handled by
|
---|
| 1005 | the application by turning off SIGPIPE through setsockopt() or returning from
|
---|
| 1006 | the handler.
|
---|
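The two application-side options named in the 1.0.2 note, as an added example (not CyaSSL code): per-socket or per-call suppression, and a SIGPIPE handler that simply returns. The function names are hypothetical, and the signal is reproduced here with a send() on a socketpair whose peer has already closed; either way the call fails with EPIPE instead of terminating the process.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* sigaction, MSG_NOSIGNAL */
#endif
#ifndef _DARWIN_C_SOURCE
#define _DARWIN_C_SOURCE 1        /* keeps SO_NOSIGPIPE visible on OS X */
#endif

#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set by the handler so callers can tell whether SIGPIPE was delivered. */
static volatile sig_atomic_t sigpipe_seen = 0;

/* Option "returning from the handler": do nothing fatal, just return.
 * The interrupted I/O call then reports EPIPE to the caller. */
static void on_sigpipe(int signo)
{
    (void)signo;
    sigpipe_seen = 1;
}

/* Install the returning handler process-wide. Returns 0 on success. */
static int install_returning_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sigpipe;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPIPE, &sa, NULL);
}

/* Option "turning off SIGPIPE through setsockopt()": SO_NOSIGPIPE exists on
 * the BSDs and OS X. Linux has no such socket option; there the equivalent
 * is the MSG_NOSIGNAL flag on each send(). Returns 0 on success or no-op. */
static int suppress_sigpipe_on_socket(int fd)
{
#ifdef SO_NOSIGPIPE
    int on = 1;
    return setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on));
#else
    (void)fd;
    return 0;
#endif
}

/* Send one byte to a peer that has already closed its end.
 * suppress != 0 applies the platform's suppression mechanism.
 * Returns the errno from send(), 0 if send() unexpectedly succeeded,
 * or -1 if the test sockets could not be set up. */
static int send_after_peer_close(int suppress)
{
    int sv[2];
    int flags = 0;
    int err;
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;

    if (suppress) {
        if (suppress_sigpipe_on_socket(sv[0]) != 0) {
            close(sv[0]);
            close(sv[1]);
            return -1;
        }
#ifdef MSG_NOSIGNAL
        flags |= MSG_NOSIGNAL;
#endif
    }

    close(sv[1]);                       /* peer goes away */
    n = send(sv[0], "x", 1, flags);     /* would raise SIGPIPE by default */
    err = (n < 0) ? errno : 0;
    close(sv[0]);
    return err;
}

int main(void)
{
    int e1, e2;

    if (install_returning_handler() != 0)
        return 1;

    e1 = send_after_peer_close(0);
    printf("handler only: errno=%d signal_seen=%d\n", e1, (int)sigpipe_seen);

    sigpipe_seen = 0;
    e2 = send_after_peer_close(1);
    printf("suppressed:   errno=%d signal_seen=%d\n", e2, (int)sigpipe_seen);

    return (e1 == EPIPE && e2 == EPIPE) ? 0 : 1;
}
```

Without either measure the default SIGPIPE disposition terminates the process, so a peer that drops the connection at the wrong moment can take down a server.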
| 1007 |
|
---|
| 1008 | Release 1.0.2 includes an alpha release of DTLS for both client and servers.
|
---|
| 1009 | This is only for testing purposes at this time. Rebroadcast and reordering
|
---|
| 1010 | aren't fully implemented at this time but will be for the next release.
|
---|
| 1011 |
|
---|
| 1012 | For general build instructions see rc1 below.
|
---|
| 1013 |
|
---|
| 1014 | *****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009)
|
---|
| 1015 |
|
---|
| 1016 |
|
---|
| 1017 | Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
|
---|
| 1018 | iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root
|
---|
| 1019 | directory. This release also includes a fix for supporting other
|
---|
| 1020 | implementations that bundle multiple messages at the record layer; this was
|
---|
| 1021 | lost when cyassl i/o was re-implemented but is now fixed.
|
---|
| 1022 |
|
---|
| 1023 | For general build instructions see rc1 below.
|
---|
| 1024 |
|
---|
| 1025 | *****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009)
|
---|
| 1026 |
|
---|
| 1027 |
|
---|
| 1028 | Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
|
---|
| 1029 | ciphers along with their respective cipher suites. CyaSSL adds support for
|
---|
| 1030 | HC-128 and RABBIT stream ciphers. The new suites are:
|
---|
| 1031 |
|
---|
| 1032 | TLS_RSA_WITH_HC_128_SHA
|
---|
| 1033 | TLS_RSA_WITH_RABBIT_SHA
|
---|
| 1034 |
|
---|
| 1035 | And the corresponding cipher names are
|
---|
| 1036 |
|
---|
| 1037 | HC128-SHA
|
---|
| 1038 | RABBIT-SHA
|
---|
| 1039 |
|
---|
| 1040 | CyaSSL also adds support for building with devkitPro for PPC by changing the
|
---|
| 1041 | library proper to use libogc. The examples haven't been changed yet but if
|
---|
| 1042 | there's interest they can be. Here's an example ./configure to build CyaSSL
|
---|
| 1043 | for devkitPro:
|
---|
| 1044 |
|
---|
| 1045 | ./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO"
|
---|
| 1046 |
|
---|
| 1047 | For linking purposes you'll need
|
---|
| 1048 |
|
---|
| 1049 | LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
|
---|
| 1050 |
|
---|
| 1051 | For general build instructions see rc1 below.
|
---|
| 1052 |
|
---|
| 1053 |
|
---|
| 1054 | ********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008)
|
---|
| 1055 |
|
---|
| 1056 |
|
---|
| 1057 | Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several
|
---|
| 1058 | areas have optimization improvements, less dynamic memory use, and the I/O
|
---|
| 1059 | strategy has been refactored to allow alternate I/O handling or Library use.
|
---|
| 1060 | Many thanks to Thierry Fournier for providing these ideas and most of the work.
|
---|
| 1061 |
|
---|
| 1062 | Because of these changes, this release is only a candidate since some problems
|
---|
| 1063 | are probably inevitable on some platform with some I/O use. Please report any
|
---|
| 1064 | problems and we'll try to resolve them as soon as possible. You can contact us
|
---|
| 1065 | at support@wolfssl.com or todd@wolfssl.com.
|
---|
| 1066 |
|
---|
| 1067 | Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly
|
---|
| 1068 | on some platforms. This is new so please report any problems as every compiler,
|
---|
| 1069 | mode, OS combination hasn't been tested. On ia32 all of the registers need to
|
---|
| 1070 | be available so be sure to pass these options to CFLAGS:
|
---|
| 1071 |
|
---|
| 1072 | CFLAGS="-O3 -fomit-frame-pointer"
|
---|
| 1073 |
|
---|
| 1074 | OS X will also need -mdynamic-no-pic added to CFLAGS
|
---|
| 1075 |
|
---|
| 1076 | Also if you're building in shared mode for ia32 you'll need to pass options to
|
---|
| 1077 | LDFLAGS as well on OS X:
|
---|
| 1078 |
|
---|
| 1079 | LDFLAGS=-Wl,-read_only_relocs,warning
|
---|
| 1080 |
|
---|
| 1081 | This gives warnings for some symbols but seems to work.
|
---|
| 1082 |
|
---|
| 1083 |
|
---|
| 1084 | --To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
|
---|
| 1085 |
|
---|
| 1086 | ./configure
|
---|
| 1087 | make
|
---|
| 1088 |
|
---|
| 1089 | from the ./testsuite/ directory run ./testsuite
|
---|
| 1090 |
|
---|
| 1091 | to make a debug build:
|
---|
| 1092 |
|
---|
| 1093 | ./configure --enable-debug --disable-shared
|
---|
| 1094 | make
|
---|
| 1095 |
|
---|
| 1096 |
|
---|
| 1097 |
|
---|
| 1098 | --To build on Win32
|
---|
| 1099 |
|
---|
| 1100 | Choose (Re)Build All from the project workspace
|
---|
| 1101 |
|
---|
| 1102 | Run the testsuite program
|
---|
| 1103 |
|
---|
| 1104 |
|
---|
| 1105 |
|
---|
| 1106 |
|
---|
| 1107 |
|
---|
| 1108 | *************************CyaSSL version 0.9.9 (7/25/2008)
|
---|
| 1109 |
|
---|
| 1110 | This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
|
---|
| 1111 | handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the
|
---|
| 1112 | work on TomsFastMath.
|
---|
| 1113 |
|
---|
| 1114 | To optionally use TomsFastMath pass --enable-fastmath to ./configure
|
---|
| 1115 | Or define USE_FAST_MATH in each project from CyaSSL for MSVC.
|
---|
| 1116 |
|
---|
| 1117 | Please use the benchmark routine before and after to see the performance
|
---|
| 1118 | difference, on some platforms the gains will be little but RSA encryption
|
---|
| 1119 | always seems to be faster. On x86-64 machines with GCC the normal math library
|
---|
| 1120 | may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't
|
---|
| 1121 | yet use -m64 because of GCC's inability to do 128bit division.
|
---|
| 1122 |
|
---|
| 1123 | **** UPDATE GCC 4.2.1 can now do 128bit division ***
|
---|
| 1124 |
|
---|
| 1125 | See notes below (0.2.0) for complete build instructions.
|
---|
| 1126 |
|
---|
| 1127 |
|
---|
| 1128 | ****************CyaSSL version 0.9.8 (5/7/2008)
|
---|
| 1129 |
|
---|
| 1130 | This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
|
---|
| 1131 | socket handling.
|
---|
| 1132 |
|
---|
| 1133 | See notes below (0.2.0) for complete build instructions.
|
---|
| 1134 |
|
---|
| 1135 |
|
---|
| 1136 | ****************CyaSSL version 0.9.6 (1/31/2008)
|
---|
| 1137 |
|
---|
| 1138 | This release of CyaSSL adds bug fixes, increased session management, and a fix
|
---|
| 1139 | for gnutls.
|
---|
| 1140 |
|
---|
| 1141 | See notes below (0.2.0) for complete build instructions.
|
---|
| 1142 |
|
---|
| 1143 |
|
---|
| 1144 | ****************CyaSSL version 0.9.0 (10/15/2007)
|
---|
| 1145 |
|
---|
| 1146 | This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
|
---|
| 1147 | IPV6 support and test, and new test certificates.
|
---|
| 1148 |
|
---|
| 1149 | See notes below (0.2.0) for complete build instructions.
|
---|
| 1150 |
|
---|
| 1151 |
|
---|
| 1152 | ****************CyaSSL version 0.8.0 (1/10/2007)
|
---|
| 1153 |
|
---|
| 1154 | This release of CyaSSL adds increased socket support, for non-blocking writes,
|
---|
| 1155 | connects, and interrupted system calls.
|
---|
| 1156 |
|
---|
| 1157 | See notes below (0.2.0) for complete build instructions.
|
---|
| 1158 |
|
---|
| 1159 |
|
---|
| 1160 | ****************CyaSSL version 0.6.3 (10/30/2006)
|
---|
| 1161 |
|
---|
| 1162 | This release of CyaSSL adds debug logging to stderr to aid in the debugging of
|
---|
| 1163 | CyaSSL on systems that may not provide the best support.
|
---|
| 1164 |
|
---|
| 1165 | If CyaSSL is built with debugging support then you need to call
|
---|
| 1166 | CyaSSL_Debugging_ON() to turn logging on.
|
---|
| 1167 |
|
---|
| 1168 | On Unix use ./configure --enable-debug
|
---|
| 1169 |
|
---|
| 1170 | On Windows define DEBUG_CYASSL when building CyaSSL
|
---|
| 1171 |
|
---|
| 1172 |
|
---|
| 1173 | To turn logging back off call CyaSSL_Debugging_OFF()
|
---|
| 1174 |
|
---|
| 1175 | See notes below (0.2.0) for complete build instructions.
|
---|
| 1176 |
|
---|
| 1177 |
|
---|
| 1178 | *****************CyaSSL version 0.6.2 (10/29/2006)
|
---|
| 1179 |
|
---|
| 1180 | This release of CyaSSL adds TLS 1.1.
|
---|
| 1181 |
|
---|
| 1182 | Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
|
---|
| 1183 | To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
|
---|
| 1184 | SSL_VERIFY_NONE. In order to have full security you should never do this; instead
|
---|
| 1185 | provide CyaSSL with the proper certificates to eliminate impostors and call
|
---|
| 1186 | CyaSSL_check_domain_name() to prevent man in the middle attacks.
|
---|
| 1187 |
|
---|
| 1188 | See notes below (0.2.0) for build instructions.
|
---|
| 1189 |
|
---|
| 1190 | *****************CyaSSL version 0.6.0 (10/25/2006)
|
---|
| 1191 |
|
---|
| 1192 | This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
|
---|
| 1193 | I/O for accept, connect, and read. There is now an --enable-small configure
|
---|
| 1194 | option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS; see configure.in
|
---|
| 1195 | for the defines. Note that TLS requires HMAC and AES requires TLS.
|
---|
| 1196 |
|
---|
| 1197 | See notes below (0.2.0) for build instructions.
|
---|
| 1198 |
|
---|
| 1199 |
|
---|
| 1200 | *****************CyaSSL version 0.5.5 (09/27/2006)
|
---|
| 1201 |
|
---|
| 1202 | This mini release of CyaSSL adds better input processing through buffered input
|
---|
| 1203 | and big message support. Added SSL_pending() and some sanity checks on user
|
---|
| 1204 | settings.
|
---|
| 1205 |
|
---|
| 1206 | See notes below (0.2.0) for build instructions.
|
---|
| 1207 |
|
---|
| 1208 |
|
---|
| 1209 | *****************CyaSSL version 0.5.0 (03/27/2006)
|
---|
| 1210 |
|
---|
| 1211 | This release of CyaSSL adds AES support and minor bug fixes.
|
---|
| 1212 |
|
---|
| 1213 | See notes below (0.2.0) for build instructions.
|
---|
| 1214 |
|
---|
| 1215 |
|
---|
| 1216 | *****************CyaSSL version 0.4.0 (03/15/2006)
|
---|
| 1217 |
|
---|
| 1218 | This release of CyaSSL adds TLSv1 client/server support and libtool.
|
---|
| 1219 |
|
---|
| 1220 | See notes below for build instructions.
|
---|
| 1221 |
|
---|
| 1222 |
|
---|
| 1223 | *****************CyaSSL version 0.3.0 (02/26/2006)
|
---|
| 1224 |
|
---|
| 1225 | This release of CyaSSL adds SSLv3 server support and session resumption.
|
---|
| 1226 |
|
---|
| 1227 | See notes below for build instructions.
|
---|
| 1228 |
|
---|
| 1229 |
|
---|
| 1230 | *****************CyaSSL version 0.2.0 (02/19/2006)
|
---|
| 1231 |
|
---|
| 1232 |
|
---|
| 1233 | This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL
|
---|
| 1234 | is written in ANSI C with the idea of a small code size, footprint, and memory
|
---|
| 1235 | usage in mind. CTaoCrypt can be as small as 32K, and the current client
|
---|
| 1236 | version of CyaSSL can be as small as 12K.
|
---|
| 1237 |
|
---|
| 1238 |
|
---|
| 1239 | The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer
|
---|
| 1240 | Support, RSA, ASN parsing, and basic x509 (en/de)coding.
|
---|
| 1241 |
|
---|
| 1242 | The first release of CyaSSL supports normal client RSA mode SSLv3 connections
|
---|
| 1243 | with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4.
|
---|
| 1244 |
|
---|
| 1245 |
|
---|
| 1246 | --To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
|
---|
| 1247 |
|
---|
| 1248 | ./configure
|
---|
| 1249 | make
|
---|
| 1250 |
|
---|
| 1251 | from the ./testsuite/ directory run ./testsuite
|
---|
| 1252 |
|
---|
| 1253 | to make a debug build:
|
---|
| 1254 |
|
---|
| 1255 | ./configure --enable-debug --disable-shared
|
---|
| 1256 | make
|
---|
| 1257 |
|
---|
| 1258 |
|
---|
| 1259 |
|
---|
| 1260 | --To build on Win32
|
---|
| 1261 |
|
---|
| 1262 | Choose (Re)Build All from the project workspace
|
---|
| 1263 |
|
---|
| 1264 | Run the testsuite program
|
---|
| 1265 |
|
---|
| 1266 |
|
---|
| 1267 |
|
---|
| 1268 | *** The next release of CyaSSL will support a server and more OpenSSL
|
---|
| 1269 | compatibility functions.
|
---|
| 1270 |
|
---|
| 1271 |
|
---|
| 1272 | Please send questions or comments to todd@wolfssl.com
|
---|
| 1273 |
|
---|