Diffstat (limited to 'README')
1 files changed, 52 insertions, 126 deletions
@@ -1,7 +1,7 @@
- OpenSSL 1.0.2d 9 Jul 2015
+ OpenSSL 1.0.2e 3 Dec 2015
- Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -10,17 +10,17 @@
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
+ Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
+ well as a full-strength general purpose cryptograpic library. The project is
+ managed by a worldwide community of volunteers that use the Internet to
+ communicate, plan, and develop the OpenSSL toolkit and its related
- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license) situation, which basically means
- that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
@@ -28,90 +28,39 @@
The OpenSSL toolkit includes:
- Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
- both SSLv2, SSLv3 and TLSv1 in the one server and client.
+ Provides the client and server-side implementations for SSLv3 and TLS.
- General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
- actually logically part of it. It includes routines for the following:
- libdes - EAY's libdes DES encryption package which was floating
- around the net for a few years, and was then relicensed by
- him as part of SSLeay. It includes 15 'modes/variations'
- of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
- pcbc and a more general form of cfb and ofb) including desx
- in cbc mode, a fast crypt(3), and routines to read
- passwords from the keyboard.
- RC4 encryption,
- RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
- Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
- IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
- MD5 and MD2 message digest algorithms, fast implementations,
- SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is popular on smart cards.
- Public Key
- RSA encryption/decryption/generation.
- There is no limit on the number of bits.
- DSA encryption/decryption/generation.
- There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
- There is no limit on the number of bits.
- X.509v3 certificates
- X509 encoding/decoding into/from binary ASN1 and a PEM
- based ASCII-binary encoding which supports encryption with a
- private key. Program to generate RSA and DSA certificate
- requests and to generate RSA and DSA certificates.
- The normal digital envelope routines and base64 encoding. Higher
- level access to ciphers and digests by name. New ciphers can be
- loaded at run time. The BIO io system which is a simple non-blocking
- IO abstraction. Current methods supported are file descriptors,
- sockets, socket accept, socket connect, memory buffer, buffering, SSL
- client/server, file pointer, encryption, digest, non-blocking testing
- and null.
- Data structures
- A dynamically growing hashing system
- A simple stack.
- A Configuration loader that uses a format similar to MS .ini files.
+ Provides general cryptographic and X.509 support needed by SSL/TLS but
+ not logically part of it.
A command line tool that can be used for:
- Creation of RSA, DH and DSA key parameters
+ Creation of key parameters
Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
+ Calculation of message digests
+ Encryption and decryption
+ SSL/TLS client and server tests
Handling of S/MIME signed or encrypted mail
+ And more...
- To install this package under a Unix derivative, read the INSTALL file. For
- a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
- Read the documentation in the doc/ directory. It is quite rough, but it
- lists the functions; you will probably have to look at the code to work out
- how to use them. Look at the example programs.
- For some platforms, there are some known problems that may affect the user
- or application author. We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
+ See the appropriate file:
+ INSTALL Linux, Unix, etc.
+ INSTALL.DJGPP DOS platform with DJGPP
+ INSTALL.NW Netware
+ INSTALL.OS2 OS/2
+ INSTALL.VMS VMS
+ INSTALL.W32 Windows (32bit)
+ INSTALL.W64 Windows (64bit)
+ INSTALL.WCE Windows CE
- See the OpenSSL website www.openssl.org for details of how to obtain
+ See the OpenSSL website www.openssl.org for details on how to obtain
commercial technical support.
If you have any problems with OpenSSL then please take the following steps
@@ -137,56 +86,33 @@
Email the report to:
+ In order to avoid spam, this is a moderated mailing list, and it might
+ take a day for the ticket to show up. (We also scan posts to make sure
+ that security disclosures aren't publically posted by mistake.) Mail to
+ this address is recorded in the public RT (request tracker) database (see
+ https://www.openssl.org/support/rt.html for details) and also forwarded
+ the public openssl-dev mailing list. Confidential mail may be sent to
+ email@example.com (PGP key available from the key servers).
- Note that the request tracker should NOT be used for general assistance
- or support queries. Just because something doesn't work the way you expect
- does not mean it is necessarily a bug in OpenSSL.
+ Please do NOT use this for general assistance or support queries.
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL.
- Note that mail to firstname.lastname@example.org is recorded in the public
- request tracker database (see https://www.openssl.org/support/rt.html
- for details) and also forwarded to a public mailing list. Confidential
- mail may be sent to email@example.com (PGP key available from
- the key servers).
+ You can also make GitHub pull requests. If you do this, please also send
+ mail to firstname.lastname@example.org with a link to the PR so that we can more easily
+ keep track of it.
HOW TO CONTRIBUTE TO OpenSSL
- Development is coordinated on the openssl-dev mailing list (see
- http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to email@example.com with
- the string "[PATCH]" in the subject. Please be sure to include a
- textual explanation of what your patch does.
- If you are unsure as to whether a feature will be useful for the general
- OpenSSL community please discuss it on the openssl-dev mailing list first.
- Someone may be already working on the same thing or there may be a good
- reason as to why that feature isn't implemented.
- Patches should be as up to date as possible, preferably relative to the
- current Git or the last snapshot. They should follow the coding style of
- OpenSSL and compile without warnings. Some of the core team developer targets
- can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
- compiles on many varied platforms: try to ensure you only use portable
- Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to firstname.lastname@example.org
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
- please take some time to look at
- http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
- for the details. If "your encryption source code is too large to serve as
- an email attachment", they are glad to receive it by fax instead; hope you
- have a cheap long-distance plan.
- Our preferred format for changes is "diff -u" output. You might
- generate it like this:
- # cd openssl-work
- # [your changes]
- # ./Configure dist; make clean
- # cd ..
- # diff -ur openssl-orig openssl-work > mydiffs.patch
+ See CONTRIBUTING
+ A number of nations, in particular the U.S., restrict the use or export
+ of cryptography. If you are potentially subject to such restrictions
+ you should seek competent professional legal advice before attempting to
+ develop or distribute cryptographic code.