diff options
| author | lloyd <[email protected]> | 2012-08-11 23:49:41 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-08-11 23:49:41 +0000 |
| commit | b3226586f6e0b48afb90fef41a07e47d6d70c721 (patch) | |
| tree | 59a07bd1dd845a5a23950842c8bcdae7629941d0 /doc | |
| parent | 934f3e5e53d091806244913a3bb9ff8a75f00f59 (diff) | |
Reject SRP6 values which are negative or larger than p since these are
likely totally bogus.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/relnotes/1_11_1.rst | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst index 518f4702a..8300c4a17 100644 --- a/doc/relnotes/1_11_1.rst +++ b/doc/relnotes/1_11_1.rst @@ -1,7 +1,7 @@ Version 1.11.1, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -TLS and DTLS +TLS Enhancements and Bug Fixes """""""""""""""""""""""""""""""""""""""" .. @@ -18,24 +18,25 @@ secret, whereas now only 32 bytes are needed total. This change may also make it slightly harder for an attacker to extract session data from memory dumps (eg with a cold boot attack). -TLS clients were not sending a next protocol message during a session -resumption, which would cause resumption failures with servers that -support NPN if NPN was being offered by the client. +The keys used for session encryption were previously uniquely +determined by the master key. Now the encrypted session blob includes +two 80 bit salts which are used in the derivation of the cipher and +MAC keys. New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version` and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were added. -The keys used for session encryption were previously uniquely -determined by the master key. Now the encrypted session blob includes -two 80 bit salts which are used in the derivation of the cipher and -MAC keys. +TLS clients were not sending a next protocol message during a session +resumption, which would cause resumption failures with servers that +support NPN if NPN was being offered by the client. -A heartbeat request send by the counterparty during a handshake would -be passed to the application callback as a heartbeat response. +A bug caused heartbeat requests sent by the counterparty during a +handshake to be passed to the application callback as if they were +heartbeat responses. -Public Key Strength Checking -"""""""""""""""""""""""""""""""""""""""" +New Feature: Public Key Strength Checking +"""""""""""""""""""""""""""""""""""""""""" A new function :cpp:func:`Public_Key::estimated_strength` returns an estimate for the upper bound of the strength of the key. For @@ -48,8 +49,17 @@ below 80 bits of strength (as estimated by ``estimated_strength``) are rejected. This level can be modified using a parameter to the :cpp:class:`Path_Validation_Restrictions` constructor. +SRP6 Is Picker About Values +"""""""""""""""""""""""""""""""""""""""" + +The SRP6 code was checking for invalid values as specified in RFC +5054, ones equal to zero mod p, however it would accept negative A/B +values, or ones larger than p, neither of which should occur in a +normal run of the protocol. These values are now rejected. Credits +to Timothy Prepscius for pointing out these values are not normally +used and probably signal something fishy. -BigInt Modifications +Removal of Various BigInt Functions """""""""""""""""""""""""""""""""""""""" Several :cpp:class:`BigInt` functions have been removed, including |