blob: e3d9bced21aebd96330216d9e8dbf7fd109b70cd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
Version 1.11.13, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* All support for the insecure SSLv3 protocol and the server support
for processing SSLv2 client hellos has been removed.
* The command line tool now has `tls_proxy` which negotiates TLS with
clients and forwards the plaintext to a specified port.
* Add MCEIES, a McEliece-based integrated encryption system using
AES-256 in OCB mode for message encryption/authentication.
* Add DTLS-SRTP negotiation defined in RFC 5764
* Add SipHash
* Add SHA-512/256
* The format of serialized TLS sessions has changed. Additiionally, PEM
formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION"
* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a
CBC+HMAC construction.
* The cryptobox_psk module added in 1.11.4 and previously used for TLS session
encryption has been removed.
* When sending a TLS heartbeat message, the number of pad bytes to use can now
be specified, making it easier to use for PMTU discovery.
* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a
byte-at-a-time loop.
* The functions base64_encode and base64_decode would erroneously
throw an exception if passed a zero-length input. Github issue 37.
* The Python install script added in version 1.11.10 failed to place the
headers into a versioned subdirectory.
* Fix the install script when running under Python3.
* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github
pull 36 from Simon Warta.
|