[gnutls-devel] gnutls 3.5.19

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jul 16 08:48:19 CEST 2018

 I've just released gnutls 3.5.19. This is a bug fix release on the
current stable branch.

* Version 3.5.19 (released 2018-07-16)

** libgnutls: Backported PKCS#11 module improvements in initialization
   from master branch.

** libgnutls: Corrected infinite loop when an incorrect PIN was provided
   via pin-value or pin-source.

** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen
   and Adi Shamir reported that the existing counter-measures had certain issues and
   were insufficient when the attacker has additional access to the CPU cache and 
   performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
   priority strings. They are not necessary for compatibility or other purpose and
   provide no advantage over their SHA1 counter-parts, as they all depend on the legacy
   TLS CBC block mode.

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list