GnuTLS 2.9.4

Simon Josefsson simon at
Thu Sep 3 12:03:50 CEST 2009

The GnuTLS 2.9.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

Here are the compressed sources (6.0MB):

Here is the OpenPGP signature:

Windows build:

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See for more details.


* Version 2.9.4 (released 2009-09-03)

** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works.
The new supported ciphersuites are AES-128/256 in CBC mode with
ANON-DH/RSA/DHE-DSS/DHE-RSA.  Contributed by Daiki Ueno.  Further,
SHA-256 is now the preferred default MAC (however it is only used with
TLS 1.2).

** libgnutls: Make OpenPGP hostname checking work again.
The patch to resolve the X.509 CN/SAN issue accidentally broken
OpenPGP hostname comparison.

** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
Reported by Howard Chu <hyc at> in

** Fix use of deprecated types internally.
Use of deprecated types in GnuTLS from now on will lead to a compile
error, to prevent this from happening again.

** API and ABI modifications:
No changes since last version.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20090903/475ceaa7/attachment.pgp>

More information about the Gnutls-devel mailing list