Hello, We've just released gnutls 3.6.14. This is a security and bug fix release on the stable 3.6.x branch.
We'd like to thank everyone who contributed in this release: Dmitry Baryshkov, Daiki Ueno, Nikos Mavrogiannopoulos, Steve Lhomme, Anderson Toshiyuki Sasaki, Pierre Ossman, Tim Rühsen, Bernhard M. Wiedemann, and rrivers2. The detailed list of changes follows; they can be seen in more detail in our milestone tracker: https://gitlab.com/gnutls/gnutls/-/milestones/28 * Version 3.6.14 (released 2020-06-03) ** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). [GNUTLS-SA-2020-06-03, CVSS: high] ** libgnutls: Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). ** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). ** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority Key Identifier (AKI) properly (#989, #991). ** certtool: PKCS #7 attributes are now printed with symbolic names (!1246). ** libgnutls: Added several improvements on Windows Vista and later releases (!1257, !1254, !1256). Most notably the system random number generator now uses Windows BCrypt* API if available (!1255). ** libgnutls: Use accelerated AES-XTS implementation if possible (!1244). Also both accelerated and non-accelerated implementations check key block according to FIPS-140-2 IG A.9 (!1233). ** libgnutls: Added support for AES-SIV ciphers (#463). ** libgnutls: Added support for 192-bit AES-GCM cipher (!1267). ** libgnutls: No longer use internal symbols exported from Nettle (!1235) ** API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added GNUTLS_CIPHER_AES_192_GCM: Added gnutls_pkcs7_print_signature_info: Added Getting the Software ==================== GnuTLS may be downloaded directly from < ftp://ftp.gnutls.org/gcrypt/gnutls/>;. A list of GnuTLS mirrors can be found at < http://www.gnutls.org/download.html> Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.14.tar.xz Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.14.tar.xz.sig Note that it has been signed with my openpgp key: pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25] 462225C3B46F34879FC8496CD605848ED7E69871 uid [ultimate] Daiki Ueno <[email protected]> uid [ultimate] Daiki Ueno <[email protected]> sub rsa4096 2010-02-04 [E] Regards, -- Daiki Ueno, on behalf of the GnuTLS development team
signature.asc
Description: PGP signature
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
