| field | value |
|---|---|
| author | lloyd <[email protected]> 2012-08-09 21:58:51 +0000 |
| committer | lloyd <[email protected]> 2012-08-09 21:58:51 +0000 |
| commit | bc62ed12d752b63b6529527502e2536f5353bbc5 |
| tree | 6441fe88e88d170c3a8bfe918c4cc2f235007109 /doc/relnotes/1_11_1.rst |
| parent | 5df6c37a9b8047e4ad65f2a2813653dd10403203 |
Instead of using static salts in the KDF for generating the cipher and
MAC keys for session encryption, randomly generate two 80-bit salt
values which are included in the session blob and run the KDF over the
master key and the random salts to create the keys.
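The commit message describes the scheme in a few sentences: two fresh 80-bit salts per session blob, carried in the blob itself, fed together with the master key into a KDF to produce separate cipher and MAC keys. The following Python sketch is an added illustration of that design and is not Botan's code; the HKDF-style HMAC-SHA256 KDF, the HMAC-counter "stream cipher", the labels, and the blob layout (cipher salt, MAC salt, ciphertext, tag) are all assumptions chosen to keep the example self-contained. It also reproduces the earlier behaviour (fixed salts) so the difference is observable: under fixed salts every blob sealed with the same master key gets the same keys, under random salts each blob gets its own.

```python
"""Per-blob salted key derivation for session encryption (illustrative, not Botan's code)."""
import hashlib
import hmac
import os

SALT_BYTES = 10   # 80-bit salts, the size the commit message describes
KEY_BYTES = 32
TAG_BYTES = 32    # HMAC-SHA256 tag

# Constructed placeholders standing in for the old fixed salts (not the library's values).
STATIC_CIPHER_SALT = b"fixed-cipher-salt"
STATIC_MAC_SALT = b"fixed-mac-salt"


def kdf(master_key: bytes, salt: bytes, label: bytes, out_len: int = KEY_BYTES) -> bytes:
    """HKDF-style extract-then-expand over HMAC-SHA256 (assumed; the real KDF may differ)."""
    prk = hmac.new(salt, master_key, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(prk, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:out_len]


def derive_keys(master_key: bytes, cipher_salt: bytes, mac_salt: bytes):
    """Cipher key and MAC key, each bound to its own salt and a distinct label."""
    return (kdf(master_key, cipher_salt, b"session cipher"),
            kdf(master_key, mac_salt, b"session mac"))


def keystream(key: bytes, length: int) -> bytes:
    """Demo stream cipher: HMAC-SHA256 in counter mode. Stand-in for a real cipher;
    with a fixed key this keystream repeats across blobs, which is why per-blob keys matter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(master_key: bytes, session_data: bytes,
         cipher_salt: bytes = None, mac_salt: bytes = None) -> bytes:
    """Encrypt-then-MAC a session; fresh random salts unless fixed ones are supplied
    (the fixed-salt path models the behaviour before this change)."""
    cipher_salt = os.urandom(SALT_BYTES) if cipher_salt is None else cipher_salt
    mac_salt = os.urandom(SALT_BYTES) if mac_salt is None else mac_salt
    ck, mk = derive_keys(master_key, cipher_salt, mac_salt)
    ct = bytes(a ^ b for a, b in zip(session_data, keystream(ck, len(session_data))))
    body = cipher_salt + mac_salt + ct           # salts travel inside the blob
    tag = hmac.new(mk, body, hashlib.sha256).digest()
    return body + tag


def open_blob(master_key: bytes, blob: bytes) -> bytes:
    """Re-derive the keys from the salts carried in the blob, verify the tag, decrypt."""
    if len(blob) < 2 * SALT_BYTES + TAG_BYTES:
        raise ValueError("session blob too short")
    body, tag = blob[:-TAG_BYTES], blob[-TAG_BYTES:]
    cipher_salt = body[:SALT_BYTES]
    mac_salt = body[SALT_BYTES:2 * SALT_BYTES]
    ct = body[2 * SALT_BYTES:]
    ck, mk = derive_keys(master_key, cipher_salt, mac_salt)
    expected = hmac.new(mk, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time tag comparison
        raise ValueError("session blob MAC check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(ck, len(ct))))


def count_distinct_keys(master_key: bytes, blobs: int, random_salts: bool) -> int:
    """How many distinct (cipher key, MAC key) pairs `blobs` sealed sessions end up under."""
    pairs = set()
    for _ in range(blobs):
        if random_salts:
            blob = seal(master_key, b"constructed session state")
        else:
            blob = seal(master_key, b"constructed session state",
                        STATIC_CIPHER_SALT, STATIC_MAC_SALT)
        pairs.add(derive_keys(master_key, blob[:SALT_BYTES], blob[SALT_BYTES:2 * SALT_BYTES]))
    return len(pairs)


if __name__ == "__main__":
    mk = os.urandom(KEY_BYTES)                    # constructed 256-bit master key
    blob = seal(mk, b"constructed session state")
    print(open_blob(mk, blob))
    print(count_distinct_keys(mk, 5, random_salts=False), "key pair(s) with fixed salts")
    print(count_distinct_keys(mk, 5, random_salts=True), "key pair(s) with random salts")
```

The decrypting side never needs to store anything beyond the master key: the salts are public and read back out of the blob, so the change costs 20 bytes per blob and no additional locked memory, which fits the memory-pressure motivation given in the release notes.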
Diffstat (limited to 'doc/relnotes/1_11_1.rst')
-rw-r--r-- | doc/relnotes/1_11_1.rst | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst index 002437cc9..518f4702a 100644 --- a/doc/relnotes/1_11_1.rst +++ b/doc/relnotes/1_11_1.rst 
@@ -4,25 +4,33 @@ Version 1.11.1, Not Yet Released TLS and DTLS """""""""""""""""""""""""""""""""""""""" -Initial support for DTLS (v1.0 and v1.2) is available in this -release. - -Added :cpp:func:`TLS::Policy::acceptable_protocol_version` -and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` +.. + Initial support for DTLS (v1.0 and v1.2) is available in this release + though it should be considered highly experimental. Currently timeouts + and retransmissions are not handled. :cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random 256-bit key at startup and encrypts all sessions (using the existing :cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in -memory. This is primarily to reduce pressure on ``mlock``ed memory, as -each session normally requires 48 bytes of locked memory for the -master secret, whereas now only 32 bytes are needed total. This change -may also make it slightly harder for an attacker to extract session -data from memory dumps (eg with a cold boot attack). +memory. This is primarily to reduce pressure on locked memory, as each +session normally requires 48 bytes of locked memory for the master +secret, whereas now only 32 bytes are needed total. This change may +also make it slightly harder for an attacker to extract session data +from memory dumps (eg with a cold boot attack). TLS clients were not sending a next protocol message during a session resumption, which would cause resumption failures with servers that support NPN if NPN was being offered by the client. +New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version` +and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were +added. + +The keys used for session encryption were previously uniquely +determined by the master key. Now the encrypted session blob includes +two 80 bit salts which are used in the derivation of the cipher and +MAC keys. 
+ A heartbeat request send by the counterparty during a handshake would be passed to the application callback as a heartbeat response. |
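Review bot: the heartbeat sentence at the end of the hunk has a typo, "A heartbeat request send by the counterparty" should read "sent by the counterparty", and in the new salt paragraph "two 80 bit salts" should be hyphenated as "two 80-bit salts". Since that paragraph says the encrypted session blob now carries the two salts, the blob layout differs from what earlier releases produced; the release note would be more useful if it stated plainly whether session blobs encrypted by earlier releases remain readable. Separately, the DTLS paragraph is moved under an RST comment (the `..` block), so its "highly experimental" and "timeouts and retransmissions are not handled" caveats no longer render; if that is deliberate, the hunk leaves no user-visible mention of DTLS at all, which is worth confirming.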