aboutsummaryrefslogtreecommitdiffstats
path: root/doc/relnotes/1_11_10.rst
blob: 75c6cbade25962befa901fbf479d8a90aa5837c5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
Version 1.11.10, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* An implementation of McEliece code-based public key encryption based
  on INRIA's HyMES and secured against a variety of side-channels was
  contributed by cryptosource GmbH. The original version is LGPL but
  cryptosource has secured permission to release an adaptation under a
  BSD license. A CCA2-secure KEM scheme is also included.

  The implementation is further described in
  http://www.cryptosource.de/docs/mceliece_in_botan.pdf and
  http://cryptosource.de/news_mce_in_botan_en.html

* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00).
  Clients will send a fallback SCSV if the version passed to the Client
  constructor is less than the latest version supported by local policy,
  so applications implementing fallback are protected. Servers always check
  the SCSV.

* In previous versions a TLS::Server could service either TLS or DTLS
  connections depending on policy settings and what type of client hello it
  received. This has changed and now a Server object is initialized for either
  TLS or DTLS operation. The default policy previously prohibited DTLS,
  precisely to prevent a TCP server from being surprised by a DTLS connection.
  This has changed and the default policy now allows TLS v1.0 or higher or DTLS
  v1.2.

* Fixed a bug in CCM mode which caused it to produce incorrect tags when used
  with a value of L other than 2. This affected CCM TLS ciphersuites, which use
  L=3. Thanks to Manuel Pégourié-Gonnard for the anaylsis and
  patch. Bugzilla 270.

* DTLS now supports timeouts and handshake retransmits.

* Add a TLS policy hook to disable putting the value of the local clock in hello
  random fields.

* All compression operations previously available as Filters are now
  performed via the Transformation API, which minimizes memory copies.

* The zlib module now also supports gzip compression and decompression.

* Avoid a crash in low-entropy situations when reading from /dev/random, when
  select indicated the device was readable but by the time we start the read the
  entropy pool had been depleted.

* The Miller-Rabin primality test function now takes a parameter allowing the
  user to directly specify the maximum false negative probability they are
  willing to accept.

* PKCS #8 private keys can now be encrypted using GCM mode instead of
  unauthenticated CBC. The default remains CBC for compatability.

* The default PKCS #8 encryption scheme has changed to use PBKDF2 with
  SHA-256 instead of SHA-1

* A specialized reducer for P-521 was added.

* On Linux the mlock allocator will use MADV_DONTDUMP on the pool so
  that the contents are not included in coredumps.

* A new interface for directly using a system-provided PRNG is
  available in system_rng.h. Currently only systems with /dev/urandom
  are supported.

* Fix decoding indefinite length BER constructs that contain a context sensitive
  tag of zero. Github pull 26 from Janusz Chorko.

* Added AltiVec detection for POWER8 processors.

* Add a new install script written in Python which replaces shell hackery in the
  makefiles.

* Various modifications to better support Visual C++ 2013 and 2015. Github
  issues 11, 17, 18, 21, 22.