Version 1.11.10, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00).
  Clients will send a fallback SCSV if the version passed to the Client
  constructor is less than the latest version supported by local policy,
  so applications implementing fallback are protected. Servers always check
  the SCSV.

* In previous versions a TLS::Server could service either TLS or DTLS
  connections depending on policy settings and what type of client hello it
  received. This has changed and now a Server object is initialized for either
  TLS or DTLS operation. The default policy previously prohibited DTLS,
  precisely to prevent a TCP server from being surprised by a DTLS connection.
  This has changed and the default policy now allows TLS v1.0 or higher or DTLS
  v1.2.

* Fixed a bug in CCM mode which caused it to produce incorrect tags when used
  with a value of L other than 2. This affected CCM TLS ciphersuites, which use
  L=3. Thanks to Manuel Pégourié-Gonnard for the analysis and
  patch. Bugzilla 270.

* DTLS now supports timeouts and handshake retransmits.

* Add a TLS policy hook to disable putting the value of the local clock in hello
  random fields.

* All compression operations previously available as Filters are now
  performed via the Transformation API, which minimizes memory copies.

* The zlib module now also supports gzip compression and decompression.

* Avoid a crash in low-entropy situations when reading from /dev/random, when
  select indicated the device was readable but by the time we start the read the
  entropy pool had been depleted.

* The Miller-Rabin primality test function now takes a parameter allowing the
  user to directly specify the maximum false negative probability they are
  willing to accept.

* Fix decoding indefinite length BER constructs that contain a context sensitive
  tag of zero. GitHub pull 26 from Janusz Chorko.

* Added AltiVec detection for POWER8 processors.

* Add a new install script written in Python which replaces shell hackery in the
  makefiles.

* Various modifications to better support Visual C++ 2013 and 2015. GitHub
  issues 11, 17, 18, 21, 22.
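
The fallback signaling rule from the first item above, sketched as an added example (this is not Botan's code or API). The function names are hypothetical, the SCSV and alert values are those assigned by the draft, and only stream TLS version numbers are handled.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <vector>

// Values assigned by draft-ietf-tls-downgrade-scsv (later RFC 7507).
constexpr uint16_t TLS_FALLBACK_SCSV = 0x5600;
constexpr uint8_t ALERT_INAPPROPRIATE_FALLBACK = 86;

// Wire versions for stream TLS only; DTLS numbers its versions in reverse order.
constexpr uint16_t TLS_V10 = 0x0301, TLS_V11 = 0x0302, TLS_V12 = 0x0303;

// Client side (hypothetical helper): suite list for a hello offering `offered`.
// The SCSV is appended only when the offer is below what local policy allows,
// which is the case when the application is retrying at a lower version.
std::vector<uint16_t> client_suites(std::vector<uint16_t> suites,
                                    uint16_t offered, uint16_t policy_max) {
    if (offered < policy_max)
        suites.push_back(TLS_FALLBACK_SCSV);
    return suites;
}

// Server side (hypothetical helper): returns 0 to continue the handshake,
// or the fatal alert code to send when the fallback was not necessary.
uint8_t server_check(const std::vector<uint16_t>& suites,
                     uint16_t client_version, uint16_t server_max) {
    const bool fallback =
        std::find(suites.begin(), suites.end(), TLS_FALLBACK_SCSV) != suites.end();
    if (fallback && client_version < server_max)
        return ALERT_INAPPROPRIATE_FALLBACK;
    return 0;
}

int main() {
    // Constructed sample: two ordinary suite codes offered by the client.
    const std::vector<uint16_t> base = {0xC02F, 0x009C};
    const auto retry = client_suites(base, TLS_V10, TLS_V12);
    std::cout << "retry vs TLS 1.2 server: alert "
              << int(server_check(retry, TLS_V10, TLS_V12)) << "\n";
    std::cout << "retry vs TLS 1.0 server: alert "
              << int(server_check(retry, TLS_V10, TLS_V10)) << "\n";
    return 0;
}
```

A hello without the SCSV is never rejected by this check, so a client that genuinely supports only an old version still connects.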