Version 1.11.1, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

TLS and DTLS
""""""""""""""""""""""""""""""""""""""""

..
  Initial support for DTLS (v1.0 and v1.2) is available in this release
  though it should be considered highly experimental. Currently timeouts
  and retransmissions are not handled.

:cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random
256-bit key at startup and encrypts all sessions (using the existing
:cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in
memory. This is primarily to reduce pressure on locked memory, as each
session normally requires 48 bytes of locked memory for the master
secret, whereas now only 32 bytes are needed total. This change may
also make it slightly harder for an attacker to extract session data
from memory dumps (e.g. with a cold boot attack).

TLS clients were not sending a next protocol message during a session
resumption, which would cause resumption failures with servers that
support NPN if NPN was being offered by the client.

New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`
and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were
added.

The keys used for session encryption were previously uniquely
determined by the master key. Now the encrypted session blob includes
two 80-bit salts which are used in the derivation of the cipher and
MAC keys.

A heartbeat request sent by the counterparty during a handshake would
be passed to the application callback as a heartbeat response.

Public Key Strength Checking
""""""""""""""""""""""""""""""""""""""""

A new function :cpp:func:`Public_Key::estimated_strength` returns
an estimate for the upper bound of the strength of the key. For
instance, for an RSA key, it will return an estimate of how many
operations GNFS would take to factor the key.

A new :cpp:class:`Path_Validation_Result` code,
``SIGNATURE_METHOD_TOO_WEAK``, has been added. By default, signatures
created with keys below 80 bits of strength (as estimated by
``estimated_strength``) are
rejected. This level can be modified using a parameter to the
:cpp:class:`Path_Validation_Restrictions` constructor.
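
As an added illustration (not Botan's code), the C++ sketch below evaluates the textbook GNFS cost formula for an RSA modulus size and applies the 80-bit floor described above. The function names, the ``Check_Result`` enum and the dropped o(1) term are assumptions; the constant Botan uses in ``estimated_strength`` may differ.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdio>

// Textbook GNFS heuristic cost L_n[1/3, (64/9)^(1/3)] for an n of the given
// size, as log2(operations). Assumption: o(1) term dropped; this is not
// necessarily the constant Botan's estimated_strength uses.
double gnfs_strength_bits(std::size_t modulus_bits)
   {
   const double ln_n = static_cast<double>(modulus_bits) * std::log(2.0);
   const double c = std::cbrt(64.0 / 9.0);
   const double ln_ops = c * std::cbrt(ln_n) * std::pow(std::log(ln_n), 2.0 / 3.0);
   return ln_ops / std::log(2.0);
   }

// Hypothetical stand-in for the path validation result codes.
enum class Check_Result { OK, SIGNATURE_METHOD_TOO_WEAK };

// Reject a signing key whose estimated strength is below the floor
// (80 bits by default, as in the release note).
Check_Result check_signing_key(std::size_t modulus_bits, double min_strength = 80)
   {
   return gnfs_strength_bits(modulus_bits) < min_strength
      ? Check_Result::SIGNATURE_METHOD_TOO_WEAK : Check_Result::OK;
   }

// Smallest modulus size, in multiples of step bits, that meets the floor.
std::size_t smallest_acceptable_modulus(double min_strength, std::size_t step = 64)
   {
   std::size_t bits = step;
   while(gnfs_strength_bits(bits) < min_strength)
      bits += step;
   return bits;
   }

int main()
   {
   const std::size_t sizes[] = {512, 768, 1024, 2048, 3072};  // constructed sample key sizes
   for(std::size_t bits : sizes)
      {
      const bool weak = check_signing_key(bits) == Check_Result::SIGNATURE_METHOD_TOO_WEAK;
      std::printf("RSA-%zu: ~%.1f bits -> %s\n", bits, gnfs_strength_bits(bits),
                  weak ? "SIGNATURE_METHOD_TOO_WEAK" : "OK");
      }
   std::printf("smallest modulus meeting 80 bits: %zu\n", smallest_acceptable_modulus(80));
   return 0;
   }
```

Raising the floor passed to ``check_signing_key`` mirrors what the :cpp:class:`Path_Validation_Restrictions` parameter allows: with a 112-bit floor, a 1024-bit modulus is rejected under this formula while a 2048-bit one is accepted.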


BigInt Modifications
""""""""""""""""""""""""""""""""""""""""

Several :cpp:class:`BigInt` functions have been removed, including
``operator[]``, ``assign``, ``get_reg``, and ``grow_reg``. The version
of ``data`` that returns a mutable pointer has been renamed
``mutable_data``.  Support for octal conversions has been removed.

The constructor ``BigInt(NumberType type, size_t n)`` has been
removed, replaced by ``BigInt::power_of_2``.