| Age | Commit message (Expand) | Author |
|---|
| 2017-01-22 | Move most of the SSL3_STATE fields to internal - the ones that remain are | Joel Sing |
| 2017-01-22 | Move ALPN and NPN fields from SSL/SSL_CTX to internal. | Joel Sing |
| 2017-01-22 | Move internal parts of ssl_session_st to internal | Bob Beck |
| 2016-12-21 | Add support for ECDHE with X25519. | Joel Sing |
| 2016-12-18 | Convert ssl3_get_server_hello() to CBS. | Joel Sing |
| 2016-11-05 | Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve() | Joel Sing |
| 2016-10-19 | Remove support for fixed ECDH cipher suites - these is not widely supported | Joel Sing |
| 2016-10-02 | Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() | Philip Guenther |
| 2016-10-02 | Detect zero-length encrypted session data early, instead of when malloc(0) | Philip Guenther |
| 2016-09-22 | Avoid unbounded memory growth, which can be triggered by a client | Joel Sing |
| 2016-09-22 | Improve ticket validity checking when tlsext_ticket_key_cb() callback | Philip Guenther |
| 2016-08-27 | Be more strict when parsing TLS extensions. | Joel Sing |
| 2016-05-30 | deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. | Bob Beck |
| 2016-03-10 | http -> https for a few more IETF URLs in comments or man pages | Michael McConville |
| 2015-09-12 | Remove most of the SSLv3 version checks and a few TLS v1.0. | Doug Hogan |
| 2015-09-01 | Remove the ssl_prepare_{client,server}hello_tlsext() functions, which are | Joel Sing |
| 2015-08-19 | Properly handle missing TLS extensions in client hello as a non-failure. | Brent Cook |
| 2015-07-24 | Convert tls1_process_ticket to CBS. | Doug Hogan |
| 2015-07-24 | Convert tls1_process_sigalgs to CBS. | Doug Hogan |
| 2015-07-19 | Allow *_free() functions in libssl to handle NULL input. | Doug Hogan |
| 2015-07-17 | Remove compat hack that disabled ECDHE-ECDSA on OS X. | Doug Hogan |
| 2015-06-19 | Convert tls1_alpn_handle_client_hello() to CBS. | Doug Hogan |
| 2015-06-17 | Convert ssl_next_proto_validate to CBS. | Doug Hogan |
| 2015-06-17 | Convert tls1_check_curve to CBS. | Doug Hogan |
| 2015-03-02 | Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby | Joel Sing |
| 2014-12-14 | unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef | Joel Sing |
| 2014-12-10 | Remove support for GOST R 34.10-94 signature authentication, along with | Joel Sing |
| 2014-12-10 | Add support for ALPN. | Joel Sing |
| 2014-12-06 | Use appropriate internal types for EC curves and formats, rather than | Joel Sing |
| 2014-12-06 | Ensure that the client specified EC curve list length is a multiple of two. | Joel Sing |
| 2014-12-06 | Fix two cases where it is possible to read one or two bytes past the end of | Joel Sing |
| 2014-12-02 | Add brainpool curves to eccurves_default[], accidentally missing from 1.32; | Miod Vallat |
| 2014-11-18 | Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov. | Miod Vallat |
| 2014-11-03 | only call SRTP (whatever that is) functions when the connection type is | Ted Unangst |
| 2014-10-18 | Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). | Joel Sing |
| 2014-10-15 | Only require an EC public key in tls1_set_ec_id(), if we need to provide | Joel Sing |
| 2014-10-05 | Use more specific curves/formats naming for local variables in | Joel Sing |
| 2014-10-05 | Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather than | Joel Sing |
| 2014-10-05 | Make tls1_get_formatlist() behave the same as tls1_get_curvelist() and | Joel Sing |
| 2014-10-03 | Add support for automatic ephemeral EC keys. | Joel Sing |
| 2014-09-30 | Clean up EC cipher handling in ssl3_choose_cipher(). | Joel Sing |
| 2014-09-27 | Check that the specified curve is one of the client preferences. | Joel Sing |
| 2014-09-26 | Now that we have a static version of the default EC formats, also use it | Joel Sing |
| 2014-09-22 | Refactor and simplify the ECC extension handling. The existing code | Joel Sing |
| 2014-09-21 | Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which | Joel Sing |
| 2014-08-07 | Correct test reversed during merge of fix for CVE-2014-3509 | Philip Guenther |
| 2014-08-06 | merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther | Theo de Raadt |
| 2014-07-13 | Expand the tlsext_sigalg macros. The end result is about the same number | Joel Sing |
| 2014-07-13 | The bell tolls for BUF_strdup - Start the migration to using | Bob Beck |
| 2014-07-12 | The correct name for EDH is DHE, likewise EECDH should be ECDHE. | Joel Sing |
