Hello, We have just released gnutls-3.8.8. This is a bug fix and enhancement release on the 3.8.x branch.
We would like to thank everyone who contributed in this release: Alan Coopersmith, Alexander Sosedkin, Andreas Metzler, Brad Smith, Daiki Ueno, David Meliksetyan, Ekaterina Zilotina, Jeff Mattson, Sahil Siddiq, and Zoltan Fridrich. The detailed list of changes follows: * Version 3.8.8 (released 2024-11-05) ** libgnutls: Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange in TLS 1.3 The support for post-quantum key exchanges has been extended to cover the final standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem. The minimum supported version of liboqs is bumped to 0.11.0. ** libgnutls: All records included in an OCSP response are now checked in TLS Previously, when multiple records are provided in a single OCSP response, only the first record was considered; now all those records are examined until the server certificate matches. ** libgnutls: Handling of malformed compress_certificate extension is now more standard compliant The server behavior of receiving a malformed compress_certificate extension now more strictly follows RFC 8879; return illegal_parameter alert instead of bad_certificate, as well as overlong extension data is properly rejected. ** build: More flexible library linking options for compression libraries, TPM, and liboqs support The configure options, --with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs now take 4 states: yes/link/dlopen/no, to specify how the libraries are linked or loaded. ** API and ABI modifications: No changes since last version. Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ A list of GnuTLS mirrors can be found at http://www.gnutls.org/download.html Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz Here are OpenPGP detached signatures signed using key: 5D46CB0F763405A7053556F47A75A648B3F9220C https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz.sig Note that it has been signed with my openpgp key: pub rsa4096 2009-07-23 [SC] [expires: 2026-06-29] 462225C3B46F34879FC8496CD605848ED7E69871 uid [ultimate] Daiki Ueno <[email protected]> uid [ultimate] Daiki Ueno <[email protected]> sub rsa4096 2010-02-04 [E] Regards, -- Daiki Ueno
signature.asc
Description: PGP signature
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
