Opened 7 years ago
Closed 7 years ago
#9914 closed enhancement (fixed)
gnutls-3.6.1
Reported by: | Pierre Labastie | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 8.2 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version:
Hello, I've just released gnutls 3.6.1. This is a bug fix release for the 3.6.x branch. The releases on this branch will continue on a bi-monthly period.

* Version 3.6.1 (released 2017-10-21)

** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was used. Resolves gitlab issue #259.

** libgnutls: gnutls_x509_crl_sign, gnutls_x509_crt_sign, gnutls_x509_crq_sign, were modified to sign with a better algorithm than SHA1. They will now sign with an algorithm that corresponds to the security level of the signer's key.

** libgnutls: gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal the function to auto-detect an appropriate hash algorithm to use.

** libgnutls: Removed support for signature algorithms using SHA2-224 in TLS. TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm in TLS 1.2. As such, no reason to keep supporting it.

** libgnutls: Refuse to use client certificates containing disallowed algorithms for a session. That reverts a change on 3.5.5, which allowed a client to use DSA-SHA1 due to his old DSA certificate, without requiring him to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). The previous approach was to allow a smooth move for client infrastructure after the DSA algorithm became disabled by default, and is no longer necessary as DSA is now being universally deprecated.

** libgnutls: Refuse to resume a session which had a different SNI advertised. That improves RFC6066 support in server side. Reported by Thomas Klute.

** p11tool: Mark all generated objects as sensitive by default.

** p11tool: added options --sign-params and --hash. This allows testing signature with multiple algorithms, including RSA-PSS.

** API and ABI modifications: No changes since last version.
Change History (2)
comment:1 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at revision 19400.