[gnutls-devel] gnutls 3.3.30

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jul 16 08:47:06 CEST 2018

 I've just released gnutls 3.3.30. This is a bug-fix release on
the previous stable branch.

* Version 3.3.30 (released 2018-07-16)

** libgnutls: Corrected infinite loop when an incorrect PIN was provided
   via pin-value or pin-source.

** gnutls-cli: backported the --sni-hostname option. This allows
   overriding the hostname advertised to the peer.

** Improved counter-measures for TLS CBC record padding. Kenny Paterson,
   Eyal Ronen and Adi Shamir reported that the existing countermeasures
   had certain issues and were insufficient when the attacker has
   additional access to the CPU cache and performs a chosen-plaintext
   attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from
   the default priority strings. They are not necessary for
   compatibility or other purpose and provide no advantage over their
   SHA1 counter-parts, as they all depend on the legacy TLS CBC block

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list