File openssl.changes of Package openssl-custom

-------------------------------------------------------------------
Tue Oct 14 20:01:52 UTC 2025 - Martin Stibor <martin.von.reichenberg@proton.me>

- Initial (re-)upload of OpenSSL - 3.6.0 into Open Build Service (OBS);
  Supporting various Linux Distributions
- Update to the latest upstream stable version - 3.6.0
- What's new at version 3.6.0:
 * Added NIST security categories for PKEY objects.
 * Added support for EVP_SKEY opaque symmetric key objects to the key
   derivation and key exchange provider methods.
   Added EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(),
   and EVP_PKEY_derive_SKEY() functions.
 * Added LMS signature verification support as per SP 800-208.
   This support is present in both the FIPS and default providers.
 * An ANSI-C toolchain is no longer sufficient for building OpenSSL.
   The code should be built using compilers supporting C-99 features.
 * Support for the VxWorks platforms has been removed.
 * Added an openssl configutl utility for processing the OpenSSL configuration file and dumping the equal configuration file.
 * Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider.
 * Deprecated EVP_PKEY_ASN1_METHOD-related functions.

- Update to the latest upstream stable version - 3.5.0
- What's new at version 3.5.0:
 * Changed default encryption cipher for req, cms,
   and smime applications from des-ede3-cbc to aes-256-cbc
 * Updated default TLS supported groups list to include
   and prefer hybrid PQC KEM groups, removed some unused groups
 * Changed default TLS keyshares to offer X25519MLKEM768 and X25519
 * Deprecated all BIO_meth_get_*() functions
 * Added configuration option no-tls-deprecated-ec
   to disable support for TLS groups deprecated in RFC8422
 * Added configuration option enable-fips-jitter
   to use JITTER seed source in FIPS provider
   (non-compliant unless validated)

- Update to a later upstream stable version - 3.3.3
- What's new at version 3.3.3:
 * Fixed RFC7250 handshakes with unauthenticated servers
   not aborting as expected
 * Fixed timing side-channel in ECDSA signature computation
 * Fixed possible out-of-bounds memory access
   with invalid GF(2^m) elliptic curve parameters

- Update to a later upstream stable version - 3.2.4
- What's new at version 3.2.4:
 * Fixed RFC7250 handshakes with unauthenticated servers
   not aborting as expected
 * Fixed timing side-channel in ECDSA signature computation

- Update to a later upstream stable version - 3.0.0
- What's new at version 3.0.0:
 * Fixed incorrect handling of OCSP response verification
   with -no_cert_checks option
 * Fixed RC4-MD5 ciphersuite using AAD data as MAC key,
   allowing predictable MAC in man-in-the-middle attacks
 * Fixed segmentation fault in SSL_check_chain()
   during TLS 1.3 handshake with invalid signature algorithms
 * Revised BN_generate_prime_ex to avoid fingerprinting
   2-prime vs 3-prime RSA keys by computing N mod

- Update to a later upstream stable version - 3.0.x (selected changes)
- What's new at version 3.6.x:
 * Added feature to retrieve configured TLS signature algorithms
   via openssl list command
 * Deprecated TS_VERIFY_CTX_set_* functions, added TS_VERIFY_CTX_set0_*
   replacements with improved semantics
 * Redesigned Windows OPENSSLDIR/ENGINESDIR/MODULESDIR to use
   registry keys for runtime configuration
 * Added -not_before and -not_after options for setting certificate
   start and end dates in req, x509, and ca commands
 * Changed default hash function for HMAC in openssl speed
   from md5 to sha256
 * Added SSL_OP_PREFER_NO_DHE_KEX option for TLS1.3 servers
   to prefer PSK-only key exchange
 * Added SSL_write_ex2 API for optimized end-of-stream handling
   with QUIC