Apr 14, 2015
Many changes and improvements are included in this release that are not detailed below. Please see the Release Notes included in the package for a full list of changes.
- Default Ciphers -
Four default ciphers are now enabled: TLS_RSA_WITH_AES_[128,256]_CBC_[SHA,SHA256]
- Disabled Ciphers -
3DES ciphers join RC4 in the disabled by default ciphers list. PKCS5 and PKCS8 password protected private key parsing are not enabled by default.
- Compile Options -
For Linux, OS X and Windows platforms, -O3 is now the default optimization level. Assembly language optimizations are always enabled on all supported platforms. Algorithm optimizations trading size for speed now default to speed, unless compiling without optimizations (-O0) or optimizing for size (-Os).
- Static Libraries -
Static libraries have been renamed. Please see detailed release notes for more info.
- Stack Zeroing -
BURN_STACK is enabled by default to clear sensitive data from the stack. In addition, memset_s() is now used to ensure that the compiler does not optimize away the memset of local stack variables. This change and other compiler warnings were suggested by Pavel Pimenov using PVS-Studio and Cppcheck. The issues are listed in this blog post and all have been fixed: http://www.viva64.com/en/b/0304/
- X.509 Certificates -
Improved certificate date validation, as well as distinguished name and key usage fields for older certificates.
- ECC Key Generation -
Now ensuring random number is less than the order value when performing ECDH key generation.