diff options
Diffstat (limited to 'doc/relnotes')
| -rw-r--r-- | doc/relnotes/1_11_0.txt | 77 |
1 files changed, 35 insertions, 42 deletions
diff --git a/doc/relnotes/1_11_0.txt b/doc/relnotes/1_11_0.txt index 6321eafbe..d8bc5515c 100644 --- a/doc/relnotes/1_11_0.txt +++ b/doc/relnotes/1_11_0.txt @@ -1,45 +1,38 @@ Version 1.11.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* The codebase has converted to C++11. Currently GCC 4.7 and Clang 3.1 - are known to work. - -* The MemoryVector and SecureVector container types have been removed. - An alias of std::vector using an allocator that clears memory named - secure_vector is used for key material, and std::vector is used for - everything else. - -* The method of mlocking memory is much improved, and if the process - can mlock memory then it will be used automatically. - -* The TLS interface is now non-blocking and does not directly interact - with sockets. An example TLS server using asio is included which - scales to at least 64 processors. - -* X509_Store has been removed. x509_path_validate in x509path.h now - handles path validation and Certificate_Store handles storage of - certificates and CRLs. - -* Add support for OCSP - -* TLS v1.2 is now supported - -* TLS now supports session resumption. Session information can be - saved in memory or to an encrypted SQLite database. - -* TLS renegotiation is now supported - -* TLS client authentication is now supported - -* TLS SRP and PSK ciphersuites are now supported - -* TLS session tickets are now supported - -* TLS ECDH key exchange and ECDSA certificates are now supported - -* Add support for SHA-2 ciphersuites - -* Add support for anonymous DH/ECDH ciphersuites - - - +In this release, many new features of C++11 are being used in the +library. Currently GCC 4.7 and Clang 3.1 are known to work. This +version of the library cannot be compiled by or used with a C++98 +compiler. + +There have been many changes and improvements to :doc:`TLS +<../tls>`. The interface is now purely event driven and does not +directly interact with sockets. New TLS features include TLS v1.2 +support, client certificate authentication, renegotiation, session +tickets, and session resumption. Session information can be saved in +memory or to an encrypted SQLite3 database. Newly supported TLS +ciphersuite algorithms include using SHA-2 for message authentication, +pre shared keys and SRP for authentication and key exchange, ECC +algorithms for key exchange and signatures, and anonymous DH/ECDH key +exchange. + +Support for :doc:`OCSP <../ocsp>` has been added. Currently only +client-side support exists. + +The API for X.509 path validation has changed, with +``x509_path_validate`` in x509path.h now handles path validation and +``Certificate_Store`` handles storage of certificates and CRLs. + +The memory container types have changed substantially. The +MemoryVector and SecureVector container types have been removed, and +an alias of std::vector using an allocator that clears memory named +secure_vector is used for key material, with std::vector being used +for everything else. + +The technique used for mlock'ing memory on Linux and BSD systems is +much improved. Now a single page-aligned block of memory (the exact +limit of what we can mlock) is mmap'ed, with allocations being done +using a best-fit allocator and all metadata held outside the mmap'ed +range, in an effort to make best use of the very limited amount of +memory current Linux kernels allow unpriveledged users to lock. |