[gnutls-devel] gnutls 3.3.30
nmav at gnutls.org
Mon Jul 16 08:47:06 CEST 2018
I've just released gnutls 3.3.30. This is a bug-fix release on
the previous stable branch.
* Version 3.3.30 (released 2018-07-16)
** libgnutls: Corrected infinite loop when an incorrect PIN was provided
via pin-value or pin-source.
** gnutls-cli: backported the --sni-hostname option. This allows
overriding the hostname advertised to the peer.
** Improved counter-measures for TLS CBC record padding. Kenny Paterson,
Eyal Ronen and Adi Shamir reported that the existing countermeasures
had certain issues and were insufficient when the attacker has
additional access to the CPU cache and performs a chosen-plaintext
attack. This affected the legacy CBC ciphersuites. [CVSS: medium]
** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from
the default priority strings. They are not necessary for
compatibility or other purpose and provide no advantage over their
SHA1 counter-parts, as they all depend on the legacy TLS CBC block
** API and ABI modifications:
No changes since last version.
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
More information about the Gnutls-devel