[openssl-project] Monthly Status Report (September)

Matt Caswell matt at openssl.org
Mon Oct 1 17:19:50 UTC 2018


As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Spent the week starting 3rd September attending the OpenSSL FIPS
summit in Brisbane. Working on the OpenSSL strategy for FIPS and the
design of the new module.
- Clarified the documentation for the return values of SSL_client_version()
- Fixed the handling of session tickets following a resumption with an
external PSK, i.e. we treat it like a resumption and send one ticket
back to the client
- Updated and merged the fix for handling applications with clients that
only write/servers that only read to avoid EPIPE while sending the new
session tickets
- Fix a problem where we were attempting to use an RSA-PSS cert for key
exchange
- A lot of work tracking and managing the release criteria status in the
lead up to the 1.1.1 release
- Performed the 1.1.1 release
- Merged fixes for the EVP_DigestSign* docs
- Updates to enable processing of NewSessionTickets and KeyUpdate
messages even after we've sent a close_notify
- Fixed a doc error wrt SSL_set_post_handshake_auth()
- Wrote an published a blog entry about the 1.1.1 release
- Fixed a bug in certificate callbacks when used with TLSv1.3
- Fixed a bug where SNI data can get reset mid-handshake
- Fixed a number of issues identified by Coverity
- Improve documentation around the -early_data option to s_server, and
make sure we error out if attempting to use it in conjunction with -www
- Significant and ongoing work on the OpenSSL Strategy and FIPS design
documents
- Fixed a bug with SNI in 1.1.1
- Fixed a bug with max psk len for TLSv1.3
- Fixed some no-* options


Matt


More information about the openssl-project mailing list