OpenSSL 1.0.1 Branch Release notes

The major changes and known issues for the 1.0.1 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

Additional details of changes can be found in the ChangeLog for OpenSSL 1.0.1.

A complete list of changes to OpenSSL 1.0.1 can be found in the git repository commit log.

Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [under development]

Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]

Fix for CVE-2014-3513
Fix for CVE-2014-3567
Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
Fix for CVE-2014-3568

Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]

Fix for CVE-2014-3512
Fix for CVE-2014-3511
Fix for CVE-2014-3510
Fix for CVE-2014-3507
Fix for CVE-2014-3506
Fix for CVE-2014-3505
Fix for CVE-2014-3509
Fix for CVE-2014-5139
Fix for CVE-2014-3508

Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]

Fix for CVE-2014-0224
Fix for CVE-2014-0221
Fix for CVE-2014-0198
Fix for CVE-2014-0195
Fix for CVE-2014-3470
Fix for CVE-2010-5298

Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]

Fix for CVE-2014-0160
Add TLS padding extension workaround for broken servers.
Fix for CVE-2014-0076

Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]

Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450

Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:

Corrected fix for CVE-2013-0169

Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:

Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
Include the fips configuration module.
Fix OCSP bad key DoS attack CVE-2013-0166
Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
Fix for TLS AESNI record handling flaw CVE-2012-2686

Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:

Fix TLS/DTLS record length checking bug CVE-2012-2333
Don't attempt to use non-FIPS composite ciphers in FIPS mode.

Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:

Fix compilation error on non-x86 platforms.
Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0

Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:

Fix for ASN1 overflow bug CVE-2012-2110
Workarounds for some servers that hang on long client hellos.
Fix SEGV in AES code.

Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:

TLS/DTLS heartbeat support.
SCTP support.
RFC 5705 TLS key material exporter.
RFC 5764 DTLS-SRTP negotiation.
Next Protocol Negotiation.
PSS signatures in certificates, requests and CRLs.
Support for password based recipient info for CMS.
Support TLS v1.2 and TLS v1.1.
Preliminary FIPS capability for unvalidated 2.0 FIPS module.
SRP support.