gnutls-3.7.2

[Bruce Dubbs]

New point version.

[Bruce Dubbs]

Version 3.7.2 (released 2021-05-29)

• libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode

• libgnutls: The Linux kernel AF_ALG based acceleration has been added. This can be enabled with --enable-afalg configure option, when libkcapi package is installed.

• libgnutls: Fixed timing of early data exchange. Previously, the client was sending early data after receiving Server Hello, which not only negates the benefit of 0-RTT, but also works under certain assumptions hold (e.g., the same ciphersuite is selected in initial and resumption handshake).

• certtool: When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default.

• libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose. The former is now deprecated and will be removed in the future releases.

• certtool: When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale (e.g. Country before State, Organization before OrganizationalUnit). This change also affects the order in which certtool prompts interactively. Please rely on the template mechanism for automated use of certtool!

API and ABI modifications:

• gnutls_early_cipher_get: Added
• gnutls_early_prf_hash_get: Added

[Bruce Dubbs]

Fixed at revision b278caafeaa4c34c5585ce31233e6dee4ccc6c88

Update to:
      cryptsetup-2.3.6
      gnutls-3.7.2
      nss-3.66
      vsftpd-3.0.4

[Bruce Dubbs]

Milestone renamed