[gnutls-help] gnutls 3.1.7

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Feb 4 11:25:43 CET 2013

 I've just released gnutls 3.1.7. This is a new release on the current
stable branch. Note that this release includes a new gnutls-xssl library
which provides a very simple API to use. The new API is demonstrated in
[0]. We welcome comments on the new API.

[0]. http://www.gnutls.org/manual/html_node/XSSL-examples.html#XSSL-examples

* Version 3.1.7 (released 2012-02-04)

** certtool: Added option "dn" which allows to directly set the DN
in a template from an RFC4514 string.

** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.

** libgnutls-xssl: Added a new library to simplify GnuTLS usage.

** libgnutls-dane: Added function to specify a DLV file.

** libgnutls: Heartbeat code was made optional.

** libgnutls: Fixes in server side of DTLS-0.9.

** libgnutls: DN variable 'T' was expanded to 'title'.

** libgnutls: Fixes in record padding parsing to prevent a timing
attack. Issue reported by Kenny Paterson and Nadhem Alfardan.

** libgnutls: Added functions to directly set the DN in a certificate
or request from an RFC4514 string.

** libgnutls: Optimizations in the random generator. The re-seeding of
it is now explicitly done on every session deinit.

** libgnutls: Simplified the DTLS sliding window implementation.

** libgnutls: The minimum DH bits accepted by a client are now set
by the specified priority string. The current values correspond to the
previous defaults (727 bits), except for the SECURE128 and SECURE192
strings which increase the minimum to 1248 and 1776 respectively.

** libgnutls: Added the gnutls_record_cork() and uncork API to enable
buffering in sending application data.

** libgnutls: Removed default random padding, and added a length-hiding
interface instead.  Both the server and the client must support this
extension. Whether length-hiding can be used on a given session can be
checked using gnutls_record_can_use_length_hiding(). Contributed by
Alfredo Pironti.

** libgnutls: Added the experimental %NEW_PADDING priority string. It
enables a new padding mechanism in TLS allowing arbitrary padding in TLS
records in all ciphersuites, which makes length-hiding more efficient
and solves the issues with timing attacks on CBC ciphersuites.

** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
ciphers (i.e., AES-GCM). Reported by William McGovern.

** API and ABI modifications:
gnutls_db_check_entry_time: Added
gnutls_record_set_timeout: Added
gnutls_record_get_random_padding_status: Added
gnutls_x509_crt_set_dn: Added
gnutls_x509_crt_set_issuer_dn: Added
gnutls_x509_crq_set_dn: Added
gnutls_record_cork: Added
gnutls_record_uncork: Added
gnutls_range_split: Added
gnutls_record_send_range: Added
gnutls_record_set_max_empty_records: Added
gnutls_record_can_use_length_hiding: Added
gnutls_rnd_refresh: Added
xssl_deinit: Added
xssl_flush: Added
xssl_read: Added
xssl_getdelim: Added
xssl_write: Added
xssl_printf: Added
xssl_sinit: Added
xssl_client_init: Added
xssl_server_init: Added
xssl_get_session: Added
xssl_get_verify_status: Added
xssl_cred_init: Added
xssl_cred_deinit: Added
dane_state_set_dlv_file: Added

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-help mailing list