[gnutls-devel] gnutls 3.2.0

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri May 10 18:38:45 CEST 2013


Hello,
 I've just released gnutls 3.2.0. This release significantly
improves the performance of gnutls in two ways. The new elliptic curve
implementation of nettle 2.7 is used which improves performance by a
factor of 2 (thanks to Niels Moeller), and on the ciphersuite level
the (currently) private ciphersuites with Salsa20 and UMAC-96 are
defined, giving a performance boost compared to any ARCFOUR or AES 
based ciphersuites. The new ciphersuites also provide a solution to the
recent attacks in TLS that compromise the security of CBC-based
ciphersuites and ARCFOUR. Note that since these are private --i.e.,
gnutls-specific-- ciphersuites they are not enabled by default.

In addition on this release all support for the so-called EXPORT
ciphersuites is dropped.


* Version 3.2.0 (released 2013-05-10)

** libgnutls: Use nettle's elliptic curve implementation.

** libgnutls: Added Salsa20 cipher

** libgnutls: Added UMAC-96 and UMAC-128

** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite 
numbers.

** libgnutls: Added support for DTLS 1.2.

** libgnutls: Added support for the Application Layer Protocol
Negotiation (ALPN) extension.

** libgnutls: Removed support for the RSA-EXPORT ciphersuites.

** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).

** API and ABI modifications:
gnutls_cipher_get_iv_size: Added
gnutls_hmac_set_nonce: Added
gnutls_mac_get_nonce_size: Added

Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.0.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.0.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.0.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.0.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



More information about the Gnutls-devel mailing list