The difference between OpenSSL 09.8z * and 1.0.1 *

OpenSSL seems to actively support 0.9.8 series

Well, now this is the end of life, so that will not be true in the future. See OpenSSL Project Roadmap .

Can someone provide an authoritative set of differences between two branches?

There is too much difference to indicate. But an authoritative answer can be removed from OpenSSL CHANGELOG .

For example, from CHANGELOG you will see that support for DTLS 1.2 was added in 1.0.2. Here's what it looks like in a magazine:

Changes between 1.0.1k and 1.0.2

• [a lot of text between the title and the deleted post]

• Support for DTLS 1.2.

The heading Changes between 1.0.1k and 1.0.2 means that the function was added after 1.0.1k. However, this does not mean that it is available in 1.0.1i . Rather, it means that it is available in 1.0.2 .

What protocols or functions of the 1.0.1 series have the 0.9.8 - the latter will not be so?

Handshakes other than MD5 and SHA1 in handshakes, TLS extensions such as market_name, RFC 3161 support, RFC 4507 support, RFC 4279 support, DSA-224 and DSA-256, ECDSA-with-SHA224 / 256/384/512, issuance Control points C distribution points, Non-blocking processing of OCSP requests, Extension of elliptic curves (draft-ietf-tls-ecc-12.txt), Extension of supported points (draft-ietf-tls-ecc-12.txt), ECDH with RSA certificates, DTLS etc.