[gnutls-help] gnutls 3.2.7

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 23 16:23:32 CET 2013

I've just released gnutls 3.2.7. This release adds new features and
fixes bugs on the next stable branch. Note that this will be the last
release of 3.2.7 with (major) new features added. If there are no 
serious bugs reported on this branch for a while, it will be marked
as stable.

* Version 3.2.7 (released 2013-11-23)

** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV
size in GCM ciphers (previously it returned the implicit IV used in

** libgnutls: gnutls_certificate_set_x509_key_file() et al., when
provided with a PKCS #11 URL pointing to a certificate, will attempt to
load the whole chain.

** libgnutls: When traversing PKCS #11 tokens looking for an object,
avoid looking in tokens unrelated to the object.

** libgnutls: Added an experimental %DUMBFW option in priority strings.
This avoids a black hole behavior in some firewalls by sending a large
client hello. See

** libgnutls: The GNUTLS_DEBUG_LEVEL variable, if set to a log level
number, will force output of debug messages to stderr.

** libgnutls: Fixed the setting of the ciphersuite when
gnutls_premaster_set() is used with another protocol than the
GNUTLS_DTLS0_9 protocol.

** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no
well-defined expiration date when (time_t)-1 is specified as date.

** libgnutls: Session tickets are encrypted using AES-GCM.

** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.

** libgnutls: Forbid all compression methods in DTLS.

** gnutls-serv: Fixed issue with IPv6 address in UDP mode.

** certtool: When exporting an encrypted PEM private key do not output
the key parameters.

** certtool: Expiration days template option allows for a -1 value
which will set the no well-defined expiration date (RFC5280), and no
longer chokes on integer overflows. Suggested by Stefan Buehler.

** certtool: Added new template options: 'activation_date', and

** tools: The environment variable GNUTLS_PIN can be used to read any
PIN requested from tokens.

** tools: The installed version of libopts is used if the autogen tool
is present.

** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

