aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-08-09 21:58:51 +0000
committerlloyd <[email protected]>2012-08-09 21:58:51 +0000
commitbc62ed12d752b63b6529527502e2536f5353bbc5 (patch)
tree6441fe88e88d170c3a8bfe918c4cc2f235007109 /doc
parent5df6c37a9b8047e4ad65f2a2813653dd10403203 (diff)
Instead of using static salts in the KDF for generating the cipher and
MAC keys for session encryption, randomly generate two 80-bit salt values which are included in the session blob and run the KDF over the master key and the random salts to create the keys.
Diffstat (limited to 'doc')
-rw-r--r--doc/relnotes/1_11_1.rst28
1 files changed, 18 insertions, 10 deletions
diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst
index 002437cc9..518f4702a 100644
--- a/doc/relnotes/1_11_1.rst
+++ b/doc/relnotes/1_11_1.rst
@@ -4,25 +4,33 @@ Version 1.11.1, Not Yet Released
TLS and DTLS
""""""""""""""""""""""""""""""""""""""""
-Initial support for DTLS (v1.0 and v1.2) is available in this
-release.
-
-Added :cpp:func:`TLS::Policy::acceptable_protocol_version`
-and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation`
+..
+ Initial support for DTLS (v1.0 and v1.2) is available in this release
+ though it should be considered highly experimental. Currently timeouts
+ and retransmissions are not handled.
:cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random
256-bit key at startup and encrypts all sessions (using the existing
:cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in
-memory. This is primarily to reduce pressure on ``mlock``ed memory, as
-each session normally requires 48 bytes of locked memory for the
-master secret, whereas now only 32 bytes are needed total. This change
-may also make it slightly harder for an attacker to extract session
-data from memory dumps (eg with a cold boot attack).
+memory. This is primarily to reduce pressure on locked memory, as each
+session normally requires 48 bytes of locked memory for the master
+secret, whereas now only 32 bytes are needed total. This change may
+also make it slightly harder for an attacker to extract session data
+from memory dumps (eg with a cold boot attack).
TLS clients were not sending a next protocol message during a session
resumption, which would cause resumption failures with servers that
support NPN if NPN was being offered by the client.
+New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`
+and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were
+added.
+
+The keys used for session encryption were previously uniquely
+determined by the master key. Now the encrypted session blob includes
+two 80 bit salts which are used in the derivation of the cipher and
+MAC keys.
+
A heartbeat request send by the counterparty during a handshake would
be passed to the application callback as a heartbeat response.