[gnutls-help] gnutls 3.6.5
nmav at gnutls.org
Sat Dec 1 06:39:22 CET 2018
I've just released gnutls 3.6.5. This is a bug fix release on the
3.6.x branch. It fixes several issues related to TLS1.3 support, and
addresses a moderate-severity issue related to RSA-encryption
ciphersuites. The issue affects usage of gnutls mainly in "cloud"
environments which we believe are an essential use case for crypto libs
today (see nettle's announcement for more information on the issue).
Due to that fix the minimum required version of nettle is 3.4.1.
That release marks 3.6.x as our stable branch, and replaces the
3.5.x branch. The detailed list of changes follows.
I'd like to thank everyone who was involved in the release
Ander Juaristi, Daiki Ueno, Dmitry Eremin-Solenikov, Simo Sorce,
Stefan Berger, Stephan Mueller, Tim Rühsen, Tom Vrancken as well
as Niels Mueller for his work on the nettle library which made this
* Version 3.6.5 (released 2018-12-01)
** libgnutls: Provide the option of transparent re-handshake/reauthentication
when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
** libgnutls: The priority functions will ignore and not enable TLS1.3 if it is
requested with legacy TLS versions enabled but not TLS1.2. This is because
if such a priority string is used on the client side (e.g., TLS1.3+TLS1.0 enabled),
servers which do not support TLS1.3 will negotiate TLS1.2, which will then be
rejected by the client as disabled (#621).
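The failure that the rule above prevents is easier to see with a small model of the version negotiation. The following is an added example written for this announcement, not gnutls code: versions are bit flags, effective_versions() applies the 3.6.5 rule, and negotiate_with_legacy_server() is an assumed, simplified model of a server without TLS1.3 support that answers with the highest version it shares with the client's maximum. The function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Protocol versions as bit flags, ordered so a larger value is a newer version. */
enum { TLS10 = 1u << 0, TLS11 = 1u << 1, TLS12 = 1u << 2, TLS13 = 1u << 3 };

/* The 3.6.5 rule from the announcement: if TLS1.3 is requested together with a
 * legacy version (1.0 or 1.1) but TLS1.2 is not, TLS1.3 is silently dropped. */
uint32_t effective_versions(uint32_t requested)
{
    int has_legacy = (requested & (TLS10 | TLS11)) != 0;
    if ((requested & TLS13) && has_legacy && !(requested & TLS12))
        requested &= ~(uint32_t)TLS13;
    return requested;
}

static uint32_t highest_enabled(uint32_t set)
{
    for (uint32_t v = TLS13; v != 0; v >>= 1)
        if (set & v)
            return v;
    return 0;
}

/* Assumed, simplified model of a server that does not implement TLS1.3: it
 * only sees the client's highest version, replies with min(client_max,
 * server_max), and the client accepts that reply only if the version is in
 * its own enabled set. Returns the negotiated version, or 0 on failure. */
uint32_t negotiate_with_legacy_server(uint32_t client_set, uint32_t server_max)
{
    uint32_t client_max = highest_enabled(client_set);
    if (client_max == 0 || server_max == 0)
        return 0;
    uint32_t chosen = client_max < server_max ? client_max : server_max;
    return (client_set & chosen) ? chosen : 0;
}

static const char *name(uint32_t v)
{
    switch (v) {
    case TLS10: return "TLS1.0"; case TLS11: return "TLS1.1";
    case TLS12: return "TLS1.2"; case TLS13: return "TLS1.3";
    default:    return "handshake failure";
    }
}

int main(void)
{
    uint32_t requested = TLS13 | TLS10;            /* the #621 priority string */
    printf("as requested : %s\n", name(negotiate_with_legacy_server(requested, TLS12)));
    printf("after 3.6.5  : %s\n", name(negotiate_with_legacy_server(effective_versions(requested), TLS12)));
    printf("with TLS1.2  : %s\n", name(negotiate_with_legacy_server(TLS13 | TLS12 | TLS10, TLS12)));
    return 0;
}
```

Against a TLS1.2-only server the raw TLS1.3+TLS1.0 set ends in a failed handshake, while the same set with TLS1.3 dropped, or with TLS1.2 added, negotiates successfully.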
** libgnutls: Change RSA decryption to use a new side-channel silent function.
This addresses a security issue where memory access patterns as well as timing
of the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
attacks. Side-channel resistant code is slower due to the need to mask
memory access and timing. When used in TLS the new functions cause RSA based
handshakes to be between 13% and 28% slower on average (numbers are indicative;
the tests were performed on a relatively modern Intel CPU, and results vary
depending on the CPU and architecture used). This change makes nettle 3.4.1
the minimum requirement of gnutls (#630). [CVSS: medium]
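To show what "side-channel silent" means for the step after the raw RSA operation, here is an added example that is not nettle's rsa_sec_decrypt nor gnutls code: a PKCS#1 v1.5 type-2 unpadding routine whose branches and memory accesses do not depend on the decrypted block, which is the property a Bleichenbacher oracle exploits when it is missing. All function names and the sample blocks are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Branch-free mask helpers. Each returns 0xFFFFFFFF when its predicate holds
 * and 0 otherwise, using only fixed-width arithmetic, so neither the branch
 * predictor nor the data cache sees anything that depends on the input. */
static uint32_t ct_mask_nonzero(uint32_t x)
{
    /* the top bit of (x | -x) is set exactly when x != 0 */
    return 0u - ((x | (0u - x)) >> 31);
}
static uint32_t ct_mask_is_zero(uint32_t x) { return ~ct_mask_nonzero(x); }
static uint32_t ct_mask_eq(uint32_t a, uint32_t b) { return ct_mask_is_zero(a ^ b); }
static uint32_t ct_mask_lt(uint32_t a, uint32_t b)
{
    /* the 64-bit difference a - b has its upper half all ones iff a < b */
    return (uint32_t)(((uint64_t)a - (uint64_t)b) >> 32);
}

/* Constant-time PKCS#1 v1.5 type-2 unpadding (illustrative, not nettle's code).
 * em holds the raw RSA decryption result 00 || 02 || PS || 00 || M (em_len
 * bytes). On return out (capacity em_len - 11) holds M left-aligned, *out_len
 * its length, and the result is 1 for valid padding, 0 otherwise. Every byte of
 * em is touched the same way regardless of content; on failure out is all
 * zeros and *out_len is 0. */
int ct_pkcs1_v15_unpad(const uint8_t *em, size_t em_len,
                       uint8_t *out, size_t *out_len)
{
    if (em_len < 11) {               /* em_len is public: it is the modulus size */
        *out_len = 0;
        return 0;
    }
    uint32_t good = ct_mask_eq(em[0], 0x00) & ct_mask_eq(em[1], 0x02);

    /* Locate the first zero byte at index >= 2 without an early exit. */
    uint32_t found = 0, zero_idx = 0;
    for (uint32_t i = 2; i < (uint32_t)em_len; i++) {
        uint32_t is_zero = ct_mask_is_zero(em[i]);
        zero_idx |= i & is_zero & ~found;    /* record only the first hit */
        found |= is_zero;
    }
    good &= found;                           /* a separator must exist ...   */
    good &= ~ct_mask_lt(zero_idx, 10);       /* ... after at least 8 PS bytes */

    /* The message starts after the separator; an invalid block "starts" at
     * em_len so that the oblivious copy below selects nothing. */
    uint32_t msg_start = ((zero_idx + 1) & good) | ((uint32_t)em_len & ~good);
    size_t max_len = em_len - 11;

    /* Oblivious copy: every (source, destination) pair is visited, and the
     * byte is chosen by mask rather than by a data-dependent index. */
    for (size_t j = 0; j < max_len; j++) {
        uint8_t b = 0;
        for (uint32_t i = 0; i < (uint32_t)em_len; i++)
            b |= em[i] & (uint8_t)ct_mask_eq(i, (uint32_t)j + msg_start);
        out[j] = b;
    }
    *out_len = em_len - msg_start;
    return (int)(good & 1u);
}

/* Constructed sample blocks: PS of 8 nonzero bytes, message "hi", and three
 * malformed variants (wrong block type, PS too short, no separator). */
static const uint8_t SAMPLE_OK[]       = {0x00,0x02, 1,2,3,4,5,6,7,8, 0x00, 'h','i'};
static const uint8_t SAMPLE_BAD_TYPE[] = {0x00,0x01, 1,2,3,4,5,6,7,8, 0x00, 'h','i'};
static const uint8_t SAMPLE_SHORT_PS[] = {0x00,0x02, 1,2,3,4,5,6,7,   0x00, 'h','i','!'};
static const uint8_t SAMPLE_NO_SEP[]   = {0x00,0x02, 1,2,3,4,5,6,7,8, 9,    'h','i'};

/* Runs the four samples and returns how many behaved as expected (4 if all). */
int self_check(void)
{
    uint8_t out[16]; size_t n; int passed = 0;
    passed += ct_pkcs1_v15_unpad(SAMPLE_OK, sizeof SAMPLE_OK, out, &n) == 1
              && n == 2 && memcmp(out, "hi", 2) == 0;
    passed += ct_pkcs1_v15_unpad(SAMPLE_BAD_TYPE, sizeof SAMPLE_BAD_TYPE, out, &n) == 0 && n == 0;
    passed += ct_pkcs1_v15_unpad(SAMPLE_SHORT_PS, sizeof SAMPLE_SHORT_PS, out, &n) == 0 && n == 0;
    passed += ct_pkcs1_v15_unpad(SAMPLE_NO_SEP, sizeof SAMPLE_NO_SEP, out, &n) == 0 && n == 0;
    return passed;
}

int main(void)
{
    printf("%d of 4 sample blocks handled as expected\n", self_check());
    return 0;
}
```

The quadratic copy is the price of never indexing memory by a secret offset; that and the absence of early exits are what make the routine slower, which is the same trade-off the 13% to 28% figures above reflect. A TLS implementation must also consume the returned validity flag without branching on it (for example by substituting a random premaster secret when it is 0), otherwise the oracle simply moves one layer up.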
** libgnutls: gnutls_priority_init() and friends allow the CTYPE-OPENPGP keyword
in the priority string. It is only accepted as a legacy option and is ignored.
** libgnutls: Added support for EdDSA under PKCS#11 (#417)
** libgnutls: Added support for AES-CFB8 cipher (#357)
** libgnutls: Added support for AES-CMAC MAC (#351)
** libgnutls: In two previous versions the GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB
ciphers incorrectly used the CryptoPro-A S-box instead of the proper
CryptoPro-B/-C/-D S-boxes. They are fixed now.
** libgnutls: Added support for GOST key unmasking and for parsing unwrapped GOST
private keys, as specified in R 50.1.112-2016.
** gnutls-serv: It applies the default settings when no --priority option is given,
** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
** certtool: Add the --no-text parameter, which prevents certtool from outputting
text before the PEM-encoded private key, public key, certificate, CRL or CSR.
** API and ABI modifications:
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]