ANNOUNCE: PureTLS version 0.9b5 Copyright (C) 1999-2005 Claymore Systems, Inc.
http://www.rtfm.com/puretls DESCRIPTION PureTLS is a free Java-only implementation of the SSLv3 and TLSv1 (RFC2246) protocols. PureTLS was developed by Eric Rescorla for Claymore Systems, Inc, but is being distributed for free because we believe that basic network security is a public good and should be a commodity. PureTLS is licensed under a Berkeley-style license, which basically means that you can do anything you want with it, provided that you give us credit. This is a beta release of PureTLS. Although it has undergone a fair amount of testing and is believed to operate correctly, it no doubt contains significant bugs, which this release is intended to shake out. Please send any bug reports to the author at <[EMAIL PROTECTED]>. CHANGES FROM B4 * SECURITY: Zero OPTIONAL values before parsing. This prevents bleedthrough of those values from previously parsed certificates into certificates where they are missing. This is a workaround for a bug in the Cryptix ASN.1 kit. The only relevant values are Extensions and Algorithm.Parameters. In practice this should not be a problem with Algorithm.Parameters Since they're NULL in RSA certificates and always present in real DSA certificates. If you rely on Extensions you should upgrade as soon as possible. Note: extensions processing is still only partially tested (see below). * Trim all leading zeros from DH shared keys. This fixes a rare compatibility problem. * Fix handling of pathLen constraints. We were off by one, causing some valid certificates to be rejected. We believe that this is the best version of PureTLS available. Users are advised to upgrade as soon as possible. In particular, if you rely on X.509 extension processing you should upgrade as soon as possible. This will most likely be the last release of PureTLS distributed as a standalone package by Claymore Systems. We have given the BouncyCastle (http://www.bouncycastle.org) permission to integrate the PureTLS source code with their library and we expect them to deliver an integrated system in the future. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]