Difference between OpenSSL 09.8z* and 1.0.1*

Question

OpenSSL seems to actively maintain 0.9.8 series, currently in 0.9.8zc and develop 1.x series at the same time.

Can someone provide authoritative set of differences between the two branches?

What protocols or features 1.0.1 series has that 0.9.8-latest does not and will not?

Answer 1

OpenSSL seems to actively maintain 0.9.8 series

Well, its now End-of-Life, so that won't be true in the future. See OpenSSL Project Roadmap.

Can someone provide authoritative set of differences between the two branches?

There's too many difference to point out. But the authoritative answer can be lifted out of the OpenSSL CHANGELOG.

For example, from the CHANGELOG, you will see DTLS 1.2 support was added at 1.0.2. Here's how it looks in the log:

Changes between 1.0.1k and 1.0.2

• [lots of text between the header and the entry removed]

• Support for DTLS 1.2.

The heading Changes between 1.0.1k and 1.0.2 means the feature was added after 1.0.1k. However, thet does not mean its available in 1.0.1i. Rather, it means its available in 1.0.2.

What protocols or features 1.0.1 series has that 0.9.8-latest does not and will not?

Hashes other than MD5 and SHA1 in handshakes, TLS extensions like sever_name, RFC 3161 support, RFC 4507 support, RFC 4279 support, DSA-224 and DSA-256, ECDSA-with-SHA224/256/384/512, Issuing Distribution Point CRLs, Non-blocking OCSP request processing, Elliptic Curves Extension (draft-ietf-tls-ecc-12.txt), Supported Point Formats Extension (draft-ietf-tls-ecc-12.txt), ECDH with RSA certificates, DTLS, etc.

Answer 2

I've created API/ABI changes report for the library here. You can find timeline of added/removed symbols and detailed description of changes in data types in the report. The report is generated by the abi-tracker tool:

...

...