aboutsummaryrefslogtreecommitdiffstats
path: root/doc/relnotes/1_11_13.rst
blob: f617ec3b922285980be149e5d06e0d143eeeaffb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Version 1.11.13, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* All support for the insecure SSLv3 protocol and the server support
  for processing SSLv2 client hellos has been removed.

* The command line tool now has `tls_proxy` which negotiates TLS with
  clients and forwards the plaintext to a specified port.

* Add MCEIES, a McEliece-based integrated encryption system using
  AES-256 in OCB mode for message encryption/authentication.

* Add DTLS-SRTP negotiation defined in RFC 5764

* Add SHA-512/256

* The format of serialized TLS sessions has changed. Additiionally, PEM
  formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION"

* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a
  CBC+HMAC construction.

* The cryptobox_psk module added in 1.11.4 and previously used for TLS session
  encryption has been removed.

* When sending a TLS heartbeat message, the number of pad bytes to use can now
  be specified, making it easier to use for PMTU discovery.

* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a
  byte-at-a-time loop.

* The functions base64_encode and base64_decode would erroneously
  throw an exception if passed a zero-length input. Github issue 37.

* The Python install script added in version 1.11.10 failed to place the
  headers into a versioned subdirectory.

* Fix the install script when running under Python3.

* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github
  pull 36 from Simon Warta.