From bc62ed12d752b63b6529527502e2536f5353bbc5 Mon Sep 17 00:00:00 2001 From: lloyd Date: Thu, 9 Aug 2012 21:58:51 +0000 Subject: Instead of using static salts in the KDF for generating the cipher and MAC keys for session encryption, randomly generate two 80-bit salt values which are included in the session blob and run the KDF over the master key and the random salts to create the keys. --- doc/relnotes/1_11_1.rst | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'doc/relnotes/1_11_1.rst') diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst index 002437cc9..518f4702a 100644 --- a/doc/relnotes/1_11_1.rst +++ b/doc/relnotes/1_11_1.rst 
@@ -4,25 +4,33 @@ Version 1.11.1, Not Yet Released TLS and DTLS """""""""""""""""""""""""""""""""""""""" -Initial support for DTLS (v1.0 and v1.2) is available in this -release. - -Added :cpp:func:`TLS::Policy::acceptable_protocol_version` -and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` +.. + Initial support for DTLS (v1.0 and v1.2) is available in this release + though it should be considered highly experimental. Currently timeouts + and retransmissions are not handled. :cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random 256-bit key at startup and encrypts all sessions (using the existing :cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in -memory. This is primarily to reduce pressure on ``mlock``ed memory, as -each session normally requires 48 bytes of locked memory for the -master secret, whereas now only 32 bytes are needed total. This change -may also make it slightly harder for an attacker to extract session -data from memory dumps (eg with a cold boot attack). +memory. This is primarily to reduce pressure on locked memory, as each +session normally requires 48 bytes of locked memory for the master +secret, whereas now only 32 bytes are needed total. This change may +also make it slightly harder for an attacker to extract session data +from memory dumps (eg with a cold boot attack). TLS clients were not sending a next protocol message during a session resumption, which would cause resumption failures with servers that support NPN if NPN was being offered by the client. +New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version` +and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were +added. + +The keys used for session encryption were previously uniquely +determined by the master key. Now the encrypted session blob includes +two 80 bit salts which are used in the derivation of the cipher and +MAC keys. 
+ A heartbeat request send by the counterparty during a handshake would be passed to the application callback as a heartbeat response. -- cgit v1.2.3
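Review bot: the new relnote paragraph at the end of the hunk loses the key detail from the commit message and is inconsistent in hyphenation: the commit describes salts that are randomly generated and run through the KDF together with the master key, while the relnote says only "two 80 bit salts which are used in the derivation", which does not tell a reader why the keys are no longer uniquely determined by the master key. Suggest: "Now the encrypted session blob includes two randomly generated 80-bit salts which are used, together with the master key, in the derivation of the cipher and MAC keys." The same touch of the file could also fix the unchanged context line "A heartbeat request send by the counterparty", which should read "sent by".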