Version 1.11.0, 2012-07-19 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. note:: In this release, many new features of C++11 are being used in the library. Currently GCC 4.7 and Clang 3.1 are known to work well. This version of the library cannot be compiled by or used with a C++98 compiler. TLS and PKI Changes """""""""""""""""""""""""""""""""""""""" There have been many changes and improvements to :doc:`TLS <../tls>`. The interface is now purely event driven and does not directly interact with sockets. New TLS features include TLS v1.2 support, client certificate authentication, renegotiation, session tickets, and session resumption. Session information can be saved in memory or to an encrypted SQLite3 database. Newly supported TLS ciphersuite algorithms include using SHA-2 for message authentication, pre shared keys and SRP for authentication and key exchange, ECC algorithms for key exchange and signatures, and anonymous DH/ECDH key exchange. Support for :doc:`OCSP <../ocsp>` has been added. Currently only client-side support exists. The API for X.509 path validation has changed, with ``x509_path_validate`` in x509path.h now handles path validation and ``Certificate_Store`` handles storage of certificates and CRLs. Memory Container Changes """""""""""""""""""""""""""""""""""""""" The memory container types have changed substantially. The ``MemoryVector`` and ``SecureVector`` container types have been removed, and an alias of ``std::vector`` using an allocator that clears memory named ``secure_vector`` is used for key material, with plain ``std::vector`` being used for everything else. The technique used for mlock'ing memory on Linux and BSD systems is much improved. Now a single page-aligned block of memory (the exact limit of what we can mlock) is mmap'ed, with allocations being done using a best-fit allocator and all metadata held outside the mmap'ed range, in an effort to make best use of the very limited amount of memory current Linux kernels allow unpriveledged users to lock. New LZMA Compression Filter """""""""""""""""""""""""""""""""""""""" A filter using LZMA was contributed by Vojtech Kral. It is available if LZMA support was enabled at compilation time by passing ``--with-lzma`` to ``configure.py``. ECC Key Decoding Problem Resolved """""""""""""""""""""""""""""""""""""""" :rfc:`5915` adds some extended information which can be included in ECC private keys which the ECC key decoder did not expect, causing an exception when such a key was loaded. In particular, recent versions of OpenSSL use these fields. Now these fields are decoded properly, and if the public key value is included it is used, as otherwise the public key needs to be rederived from the private key. However the library does not include these fields on encoding keys for compatability with software that does not expect them (including older versions of botan).