[gnutls-help] gnutls 3.6.8
nmav at gnutls.org
Tue May 28 07:40:09 CEST 2019
I've just released gnutls 3.6.8. This is a bug fix release on the
stable 3.6.x branch.
I'd like to thank everyone who contributed in this release:
Aleksei Nikiforov, Alon Bar-Lev, Andreas Metzler, Bernhard M.
Wiedemann, Daiki Ueno, Daniel Schaefer, Dmitry Eremin-Solenikov,
Elta Koepp, Kenneth J. Miller, Maciej S. Szmigiero, Marius Bakke
Simo Sorce and Tim Rühsen.
The detailed list of changes follows; they can be seen in more detail
in our milestone tracker:
* Version 3.6.8 (released 2019-05-28)
** libgnutls: Added gnutls_prf_early() function to retrieve early keying
** libgnutls: Added support for AES-XTS cipher (#354)
** libgnutls: Fix calculation of Streebog digests (incorrect carry operation in
512 bit addition)
** libgnutls: During Diffie-Hellman operations in TLS, verify that the peer's
public key is on the right subgroup (y^q=1 mod p), when q is available (under
TLS 1.3 and under earlier versions when RFC7919 parameters are used).
** libgnutls: the gnutls_srp_set_server_credentials_function can now be used
with the 8192 parameters as well (#995).
** libgnutls: Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag (#754)
** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow
clients to communicate with the server advertising smaller limits than 512
** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent
hostname/domain crafting via IDNA conversion (#720)
** certtool: allow the digital signature key usage flag in CA certificates.
Previously certtool would ignore this flag for CA certificates even if
** gnutls-cli/serv: added the --keymatexport and --keymatexportsize options.
These allow testing the RFC5705 using these tools.
** API and ABI modifications:
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>;;. A list of GnuTLS mirrors can
be found at <http://www.gnutls.org/download.html>;;.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
More information about the Gnutls-help