diff options
author | lloyd <[email protected]> | 2015-01-08 12:57:15 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2015-01-08 12:57:15 +0000 |
commit | e1d118f4973e2d5f58971acfb8aa28f4fc3085e2 (patch) | |
tree | 27f6b90c8e87ed000ce2c0540e4bcab63891a730 /doc/relnotes | |
parent | a62473b5f0a893db620d8658d75374a50a67e496 (diff) |
Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC
Diffstat (limited to 'doc/relnotes')
-rw-r--r-- | doc/relnotes/1_11_13.rst | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/doc/relnotes/1_11_13.rst b/doc/relnotes/1_11_13.rst index f72c0f56b..b69073859 100644 --- a/doc/relnotes/1_11_13.rst +++ b/doc/relnotes/1_11_13.rst @@ -1,16 +1,32 @@ Version 1.11.13, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* The format of TLS sessions has changed. The PEM formatted version - now uses "TLS SESSION" instead of "SSL SESSION" as the header, - and the version number of the binary format has also changed. +* Add DTLS-SRTP negotiation defined in RFC 5764 * Add SHA-512/256 -* Add DTLS-SRTP negotiation defined in RFC 5764 +* The format of serialized TLS sessions has changed. Additiionally, PEM + formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION". + +* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a + CBC+HMAC construction. + +* The cryptobox_psk module added in 1.11.4 and previously used for TLS session + encryption has been removed. + +* When sending a TLS heartbeat message, the number of pad bytes to use can now + be specified, making it easier to use for PMTU discovery. + +* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a + byte-at-a-time loop. + +* The functions base64_encode and base64_decode would erroneously + throw an exception if passed a zero-length input. Github issue 37. -* The Python install script added in version 1.11.10 failed to place - the headers into a versioned subdirectory. +* The Python install script added in version 1.11.10 failed to place the + headers into a versioned subdirectory. * Fix the install script when running under Python3. +* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github + pull 36 from Simon Warta. |