| *** Notes, Please read *** |
| |
| Note 1) |
| CyaSSL now needs all examples and tests to be run from the CyaSSL home |
| directory. This is because it finds certs and keys from ./certs/. Trying to |
| maintain the ability to run each program from its own directory, the testsuite |
| directory, the main directory (for make check/test), and for the various |
| different project layouts (with or without config) was becoming harder and |
| harder. Now to run testsuite just do: |
| |
| ./testsuite/testsuite |
| |
| or |
| |
| make test (when using autoconf) |
| |
| On *nix or Windows the examples and testsuite will check to see if the current |
| directory is the source directory and if so, attempt to change to the CyaSSL |
| home directory. This should work in most setup cases, if not, just follow the |
| beginning of the note and specify the full path. |
| |
| |
| Note 2) |
| CyaSSL takes a different approach to certificate verification than OpenSSL does. |
| The default policy for the client is to verify the server, this means that if |
| you don't load CAs to verify the server you'll get a connect error, unable to |
| verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect |
| succeed even if verifying the server fails and reducing security you can do |
| this by calling: |
| |
| SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); |
| |
| before calling SSL_new(); Though it's not recommended. |
| |
| *** end Note *** |
| |
| CyaSSL Release 2.3.0 (8/10/2012) |
| |
| Release 2.3.0 CyaSSL has bug fixes and a few new features including: |
| - AES-GCM crypto and cipher suites |
| - make test cipher suite checks |
| - Subject AltName processing |
| - Command line support for client/server examples |
| - Sniffer SessionTicket support |
| - SHA-384 cipher suites |
| - Verify cipher suite validity when user overrides |
| - CRL dir monitoring |
| - DTLS Cookie support, reliability coming soon |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| |
| |
| ***************CyaSSL Release 2.2.0 (5/18/2012) |
| |
| Release 2.2.0 CyaSSL has bug fixes and a few new features including: |
| - Initial CRL support (--enable-crl) |
| - Initial OCSP support (--enable-ocsp) |
| - Add static ECDH suites |
| - SHA-384 support |
| - ECC client certificate support |
| - Add medium session cache size (1055 sessions) |
| - Updated unit tests |
| - Protection against mutex reinitialization |
| |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| |
| |
| ***************CyaSSL Release 2.0.8 (2/24/2012) |
| |
| Release 2.0.8 CyaSSL has bug fixes and a few new features including: |
| - A fix for malicious certificates pointed out by Remi Gacogne (thanks) |
| resulting in NULL pointer use. |
| - Respond to renegotiation attempt with no_renegoatation alert |
| - Add basic path support for load_verify_locations() |
| - Add set Temp EC-DHE key size |
| - Extra checks on rsa test when porting into |
| |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| |
| |
| ************* CyaSSL Release 2.0.6 (1/27/2012) |
| |
| Release 2.0.6 CyaSSL has bug fixes and a few new features including: |
| - Fixes for CA basis constraint check |
| - CTX reference counting |
| - Initial unit test additions |
| - Lean and Mean Windows fix |
| - ECC benchmarking |
| - SSMTP build support |
| - Ability to group handshake messages with set_group_messages(ctx/ssl) |
| - CA cache addition callback |
| - Export Base64_Encode for general use |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| |
| |
| ************* CyaSSL Release 2.0.2 (12/05/2011) |
| |
| Release 2.0.2 CyaSSL has bug fixes and a few new features including: |
| - CTaoCrypt Runtime library detection settings when directly using the crypto |
| library |
| - Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation |
| - All test certificates now use 2048bit and SHA-1 for better modern browser |
| support |
| - Direct AES block access and AES-CTR (counter) mode |
| - Microchip pic32 support |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| |
| |
| ************* CyaSSL Release 2.0.0rc3 (9/28/2011) |
| |
| Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: |
| - updated autoconf support |
| - better make install and uninstall (uses system directories) |
| - make test / make check |
| - CyaSSL headers now in <cyassl/*.h> |
| - CTaocrypt headers now in <cyassl/ctaocrypt/*.h> |
| - OpenSSL compatibility headers now in <cyassl/openssl/*.h> |
| - examples and tests all run from home diretory so can use certs in ./certs |
| (see note 1) |
| |
| So previous applications that used the OpenSSL compatibility header |
| <openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other |
| changes are required. |
| |
| Special Thanks to Brian Aker for his autoconf, install, and header patches. |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| ************CyaSSL Release 2.0.0rc2 (6/6/2011) |
| |
| Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: |
| - bug fixes (Alerts, DTLS with DHE) |
| - FreeRTOS support |
| - lwIP support |
| - Wshadow warnings removed |
| - asn public header |
| - CTaoCrypt public headers now all have ctc_ prefix (the manual is still being |
| updated to relfect this change) |
| - and more. |
| |
| This is the 2nd and perhaps final release candidate for version 2. |
| Please send any comments or questions to support@yassl.com. |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| ***********CyaSSL Release 2.0.0rc1 (5/2/2011) |
| |
| Release 2.0.0rc1 for CyaSSL has many new features including: |
| - bug fixes |
| - SHA-256 cipher suites |
| - Root Certificate Verification (instead of needing all certs in the chain) |
| - PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) |
| - Serial number retrieval for x509 |
| - PBKDF2 and PKCS #12 PBKDF |
| - UID parsing for x509 |
| - SHA-256 certificate signatures |
| - Client and server can send chains (SSL_CTX_use_certificate_chain_file) |
| - CA loading can now parse multiple certificates per file |
| - Dynamic memory runtime hooks |
| - Runtime hooks for logging |
| - EDH on server side |
| - More informative error codes |
| - More informative logging messages |
| - Version downgrade more robust (use SSL_v23*) |
| - Shared build only by default through ./configure |
| - Compiler visibility is now used, internal functions not polluting namespace |
| - Single Makefile, no recursion, for faster and simpler building |
| - Turn on all warnings possible build option, warning fixes |
| - and more. |
| |
| Because of all the new features and the multiple OS, compiler, feature-set |
| options that CyaSSL allows, there may be some configuration fixes needed. |
| Please send any comments or questions to support@yassl.com. |
| |
| The CyaSSL manual is available at: |
| http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions |
| and comments about the new features please check the manual. |
| |
| ****************** CyaSSL Release 1.9.0 (3/2/2011) |
| |
| Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and |
| better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, |
| improper AES key setup detection, user cert verify callback improvements, and |
| more. |
| |
| The CyaSSL manual offering is included in the doc/ directory. For build |
| instructions and comments about the new features please check the manual. |
| |
| Please send any comments or questions to support@yassl.com. |
| |
| ****************** CyaSSL Release 1.8.0 (12/23/2010) |
| |
| Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate |
| generation, a C standard library abstraction layer, lower memory use, increased |
| portability through the os_settings.h file, and the ability to use NTRU cipher |
| suites when used in conjunction with an NTRU license and library. |
| |
| The initial CyaSSL manual offering is included in the doc/ directory. For |
| build instructions and comments about the new features please check the manual. |
| |
| Please send any comments or questions to support@yassl.com. |
| |
| Happy Holidays. |
| |
| |
| ********************* CyaSSL Release 1.6.5 (9/9/2010) |
| |
| Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate |
| generation. |
| |
| For general build instructions see doc/Building_CyaSSL.pdf. |
| |
| To enable certificate generation support add this option to ./configure |
| ./configure --enable-certgen |
| |
| An example is included in ctaocrypt/test/test.c and documentation is provided |
| in doc/CyaSSL_Extensions_Reference.pdf item 11. |
| |
| ********************** CyaSSL Release 1.6.0 (8/27/2010) |
| |
| Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key |
| generation. |
| |
| For general build instructions see doc/Building_CyaSSL.pdf. |
| |
| To add RIPEMD-160 support add this option to ./configure |
| ./configure --enable-ripemd |
| |
| To add SHA-512 support add this option to ./configure |
| ./configure --enable-sha512 |
| |
| To add RSA key generation support add this option to ./configure |
| ./configure --enable-keygen |
| |
| Please see ctaocrypt/test/test.c for examples and usage. |
| |
| For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is |
| off by default. To turn key generation on add the define CYASSL_KEY_GEN to |
| CyaSSL. |
| |
| |
| ************* CyaSSL Release 1.5.6 (7/28/2010) |
| |
| Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, |
| and a fix for GCC builds on some systems. |
| |
| For general build instructions see doc/Building_CyaSSL.pdf. |
| |
| To add AES-NI support add this option to ./configure |
| ./configure --enable-aesni |
| |
| You'll need GCC 4.4.3 or later to make use of the assembly. |
| |
| ************** CyaSSL Release 1.5.4 (7/7/2010) |
| |
| Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed |
| improvements from loop unrolling, and support for the Mongoose Web Server. |
| |
| For general build instructions see doc/Building_CyaSSL.pdf. |
| |
| To add AES-NI support add this option to ./configure |
| ./configure --enable-aesni |
| |
| You'll need GCC 4.4.3 or later to make use of the assembly. |
| |
| *************** CyaSSL Release 1.5.0 (5/11/2010) |
| |
| Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer |
| support, and initial swig interface support. |
| |
| For general build instructions see doc/Building_CyaSSL.pdf. |
| |
| To add support for GoAhead WebServer either --enable-opensslExtra or if you |
| don't want all the features of opensslExtra you can just define GOAHEAD_WS |
| instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or |
| you can define it yourself. |
| |
| To look at the sniffer support please see the sniffertest app in |
| sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the |
| vcproj files on windows. You'll need to have pcap installed on *nix and |
| WinPcap on windows. |
| |
| A swig interface file is now located in the swig directory for using Python, |
| Java, Perl, and others with CyaSSL. This is initial support and experimental, |
| please send questions or comments to support@yassl.com. |
| |
| When doing load testing with CyaSSL, on the echoserver example say, the client |
| machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT |
| queue, and can't be reused by default. There are generally two ways to fix |
| this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow |
| items on the TIME_WAIT queue to be reused. |
| |
| |
| To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) |
| |
| sudo sysctl -w net.inet.tcp.msl=3000 |
| |
| In Linux |
| |
| sudo sysctl -w net.ipv4.tcp_tw_reuse=1 |
| |
| allows reuse of sockets in TIME_WAIT |
| |
| sudo sysctl -w net.ipv4.tcp_tw_recycle=1 |
| |
| works but seems to remove sockets from TIME_WAIT entirely? |
| |
| sudo sysctl -w net.ipv4.tcp_fin_timeout=1 |
| |
| doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts |
| |
| |
| ******************** CyaSSL Release 1.4.0 (2/18/2010) |
| |
| Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support |
| through SSLv23_server_method(), and improved documentation in the doc/ folder. |
| |
| For general build instructions doc/Building_CyaSSL.pdf. |
| |
| ******************** CyaSSL Release 1.3.0 (1/21/2010) |
| |
| Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, |
| better porting support, removal of assert()s, and a complete THREADX port. |
| |
| For general build instructions see rc1 below. |
| |
| ******************** CyaSSL Release 1.2.0 (11/2/2009) |
| |
| Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is |
| read or write. |
| |
| For general build instructions see rc1 below. |
| |
| ******************** CyaSSL Release 1.1.0 (9/2/2009) |
| |
| Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session |
| cache use, support for lighttpd, and TLS 1.2. |
| |
| To get TLS 1.2 support please use the client and server functions: |
| |
| SSL_METHOD *TLSv1_2_server_method(void); |
| SSL_METHOD *TLSv1_2_client_method(void); |
| |
| CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with |
| lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>: |
| |
| ./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib |
| |
| make |
| make openssl-links |
| |
| Then to build lighttpd with CyaSSL use the following commands from the |
| lighttpd install dir: |
| |
| ./configure --with-openssl --with-openssl-includes=<CyaSSLDir>/include --with-openssl-libs=<CyaSSLDir>/lib LDFLAGS=-lm |
| |
| make |
| |
| On some systems you may get a linker error about a duplicate symbol for |
| MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file |
| md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. |
| When liblightcomp is linked with the SSL_LIBs the linker may complain about |
| the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c |
| and adding this line to the beginning of the file: |
| |
| #if 0 |
| |
| and this line to the end of the file |
| |
| #endif |
| |
| Then from the lighttpd src dir do a: |
| |
| make clean |
| make |
| |
| |
| If you get link errors about undefined symbols more than likely the actual |
| OpenSSL libraries are found by the linker before the CyaSSL openssl-links that |
| point to the CyaSSL library, causing the linker confusion. This can be fixed |
| by editing the Makefile in the lighttpd src directory and changing the line: |
| |
| SSL_LIB = -lssl -lcrypto |
| |
| to |
| |
| SSL_LIB = -lcyassl |
| |
| Then from the lighttpd src dir do a: |
| |
| make clean |
| make |
| |
| This should remove any confusion the linker may be having with missing symbols. |
| |
| For any questions or concerns please contact support@yassl.com . |
| |
| For general build instructions see rc1 below. |
| |
| ******************CyaSSL Release 1.0.6 (8/03/2009) |
| |
| Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster |
| math with a huge code option. |
| |
| The session cache now defaults to a client mode, also good for embedded servers. |
| For servers not under heavy load (less than 200 new sessions per minute), define |
| BIG_SESSION_CACHE. If the server will be under heavy load, define |
| HUGE_SESSION_CACHE. |
| |
| There is now a fasthugemath option for configure. This enables fastmath plus |
| even faster math by greatly increasing the code size of the math library. Use |
| the benchmark utility to compare public key operations. |
| |
| |
| For general build instructions see rc1 below. |
| |
| ******************CyaSSL Release 1.0.3 (5/10/2009) |
| |
| Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL |
| compatibility when building other applications. |
| |
| Release 1.0.3 includes an alpha release of DTLS for both client and servers. |
| This is only for testing purposes at this time. Rebroadcast and reordering |
| aren't fully implemented at this time but will be for the next release. |
| |
| For general build instructions see rc1 below. |
| |
| ******************CyaSSL Release 1.0.2 (4/3/2009) |
| |
| Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems |
| will send a SIGPIPE on socket recv() at any time and this should be handled by |
| the application by turning off SIGPIPE through setsockopt() or returning from |
| the handler. |
| |
| Release 1.0.2 includes an alpha release of DTLS for both client and servers. |
| This is only for testing purposes at this time. Rebroadcast and reordering |
| aren't fully implemented at this time but will be for the next release. |
| |
| For general build instructions see rc1 below. |
| |
| *****************CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009) |
| |
| |
| Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for |
| iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root |
| directory. This release also includes a fix for supporting other |
| implementations that bundle multiple messages at the record layer, this was |
| lost when cyassl i/o was re-implemented but is now fixed. |
| |
| For general build instructions see rc1 below. |
| |
| *****************CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009) |
| |
| |
| Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream |
| ciphers along with their respective cipher suites. CyaSSL adds support for |
| HC-128 and RABBIT stream ciphers. The new suites are: |
| |
| TLS_RSA_WITH_HC_128_CBC_SHA |
| TLS_RSA_WITH_RABBIT_CBC_SHA |
| |
| And the corresponding cipher names are |
| |
| HC128-SHA |
| RABBIT-SHA |
| |
| CyaSSL also adds support for building with devkitPro for PPC by changing the |
| library proper to use libogc. The examples haven't been changed yet but if |
| there's interest they can be. Here's an example ./configure to build CyaSSL |
| for devkitPro: |
| |
| ./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" |
| |
| For linking purposes you'll need |
| |
| LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" |
| |
| For general build instructions see rc1 below. |
| |
| |
| ********************CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008) |
| |
| |
| Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several |
| areas have optimization improvements, less dynamic memory use, and the I/O |
| strategy has been refactored to allow alternate I/O handling or Library use. |
| Many thanks to Thierry Fournier for providing these ideas and most of the work. |
| |
| Because of these changes, this release is only a candidate since some problems |
| are probably inevitable on some platform with some I/O use. Please report any |
| problems and we'll try to resolve them as soon as possible. You can contact us |
| at support@yassl.com or todd@yassl.com. |
| |
| Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly |
| on some platforms. This is new so please report any problems as every compiler, |
| mode, OS combination hasn't been tested. On ia32 all of the registers need to |
| be available so be sure to pass these options to CFLAGS: |
| |
| CFLAGS="-O3 -fomit-frame-pointer" |
| |
| OS X will also need -mdynamic-no-pic added to CFLAGS |
| |
| Also if you're building in shared mode for ia32 you'll need to pass options to |
| LDFLAGS as well on OS X: |
| |
| LDFLAGS=-Wl,-read_only_relocs,warning |
| |
| This gives warnings for some symbols but seems to work. |
| |
| |
| --To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: |
| |
| ./configure |
| make |
| |
| from the ./testsuite/ directory run ./testsuite |
| |
| to make a debug build: |
| |
| ./configure --enable-debug --disable-shared |
| make |
| |
| |
| |
| --To build on Win32 |
| |
| Choose (Re)Build All from the project workspace |
| |
| Run the testsuite program |
| |
| |
| |
| |
| |
| *************************CyaSSL version 0.9.9 (7/25/2008) |
| |
| This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory |
| handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the |
| work on TomsFastMath. |
| |
| To optionally use TomsFastMath pass --enable-fastmath to ./configure |
| Or define USE_FAST_MATH in each project from CyaSSL for MSVC. |
| |
| Please use the benchmark routine before and after to see the performance |
| difference, on some platforms the gains will be little but RSA encryption |
| always seems to be faster. On x86-64 machines with GCC the normal math library |
| may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't |
| yet use -m64 because of GCCs inability to do 128bit division. |
| |
| **** UPDATE GCC 4.2.1 can now do 128bit division *** |
| |
| See notes below (0.2.0) for complete build instructions. |
| |
| |
| ****************CyaSSL version 0.9.8 (5/7/2008) |
| |
| This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better |
| socket handling. |
| |
| See notes below (0.2.0) for complete build instructions. |
| |
| |
| ****************CyaSSL version 0.9.6 (1/31/2008) |
| |
| This release of CyaSSL adds bug fixes, increased session management, and a fix |
| for gnutls. |
| |
| See notes below (0.2.0) for complete build instructions. |
| |
| |
| ****************CyaSSL version 0.9.0 (10/15/2007) |
| |
| This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, |
| IPV6 support and test, and new test certificates. |
| |
| See notes below (0.2.0) for complete build instructions. |
| |
| |
| ****************CyaSSL version 0.8.0 (1/10/2007) |
| |
| This release of CyaSSL adds increased socket support, for non-blocking writes, |
| connects, and interrupted system calls. |
| |
| See notes below (0.2.0) for complete build instructions. |
| |
| |
| ****************CyaSSL version 0.6.3 (10/30/2006) |
| |
| This release of CyaSSL adds debug logging to stderr to aid in the debugging of |
| CyaSSL on systems that may not provide the best support. |
| |
| If CyaSSL is built with debugging support then you need to call |
| CyaSSL_Debugging_ON() to turn logging on. |
| |
| On Unix use ./configure --enable-debug |
| |
| On Windows define DEBUG_CYASSL when building CyaSSL |
| |
| |
| To turn logging back off call CyaSSL_Debugging_OFF() |
| |
| See notes below (0.2.0) for complete build instructions. |
| |
| |
| *****************CyaSSL version 0.6.2 (10/29/2006) |
| |
| This release of CyaSSL adds TLS 1.1. |
| |
| Note that CyaSSL has certificate verification on by default, unlike OpenSSL. |
| To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with |
| SSL_VERIFY_NONE. In order to have full security you should never do this, |
| provide CyaSSL with the proper certificates to eliminate impostors and call |
| CyaSSL_check_domain_name() to prevent man in the middle attacks. |
| |
| See notes below (0.2.0) for build instructions. |
| |
| *****************CyaSSL version 0.6.0 (10/25/2006) |
| |
| This release of CyaSSL adds more SSL functions, better autoconf, nonblocking |
| I/O for accept, connect, and read. There is now an --enable-small configure |
| option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in |
| for the defines. Note that TLS requires HMAC and AES requires TLS. |
| |
| See notes below (0.2.0) for build instructions. |
| |
| |
| *****************CyaSSL version 0.5.5 (09/27/2006) |
| |
| This mini release of CyaSSL adds better input processing through buffered input |
| and big message support. Added SSL_pending() and some sanity checks on user |
| settings. |
| |
| See notes below (0.2.0) for build instructions. |
| |
| |
| *****************CyaSSL version 0.5.0 (03/27/2006) |
| |
| This release of CyaSSL adds AES support and minor bug fixes. |
| |
| See notes below (0.2.0) for build instructions. |
| |
| |
| *****************CyaSSL version 0.4.0 (03/15/2006) |
| |
| This release of CyaSSL adds TLSv1 client/server support and libtool. |
| |
| See notes below for build instructions. |
| |
| |
| *****************CyaSSL version 0.3.0 (02/26/2006) |
| |
| This release of CyaSSL adds SSLv3 server support and session resumption. |
| |
| See notes below for build instructions. |
| |
| |
| *****************CyaSSL version 0.2.0 (02/19/2006) |
| |
| |
| This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL |
| is written in ANSI C with the idea of a small code size, footprint, and memory |
| usage in mind. CTaoCrypt can be as small as 32K, and the current client |
| version of CyaSSL can be as small as 12K. |
| |
| |
| The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer |
| Support, RSA, ASN parsing, and basic x509 (en/de)coding. |
| |
| The first release of CyaSSL supports normal client RSA mode SSLv3 connections |
| with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. |
| |
| |
| --To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: |
| |
| ./configure |
| make |
| |
| from the ./testsuite/ directory run ./testsuite |
| |
| to make a debug build: |
| |
| ./configure --enable-debug --disable-shared |
| make |
| |
| |
| |
| --To build on Win32 |
| |
| Choose (Re)Build All from the project workspace |
| |
| Run the testsuite program |
| |
| |
| |
| *** The next release of CyaSSL will support a server and more OpenSSL |
| compatibility functions. |
| |
| |
| Please send questions or comments to todd@yassl.com |
| |