[gnutls-help] gnutls 3.6.10

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 29 13:09:50 CEST 2019

 I've just released gnutls 3.6.10. This is a bug fix release on the
stable 3.6.x branch.

I'd like to thank everyone who contributed in this release:
Daiki Ueno, Dmitry Eremin-Solenikov, Ludovic Courtès, Tom Vrancken,
Andreas Metzler, Karsten Ohme, Michael Catanzaro and Tim Rühsen.

The detailed list of changes follows; they can be seen in more detail
in our milestone tracker:


* Version 3.6.10 (released 2019-09-29)

** libgnutls: Added support for deterministic ECDSA/DSA (RFC6979)
   Deterministic signing can be enabled by setting
   GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*()
   functions (#94).

** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2
   functions that will perform in-place encryption/decryption on data buffers (#718).

** libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under
   TLS1.3, if a timeout callback was not set using gnutls_transport_set_pull_timeout_function()

** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
   issue with large record handling due to random padding (#811).

** libgnutls: the server now selects the highest TLS protocol version,
   if TLS 1.3 is enabled and the client advertises an older protocol version first (#837).

** libgnutls: fix non-PIC assembly on i386 (#818).

** libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode
   and MAC generation based on GOST 28147-89 (IMIT). For description of the
   modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in
   RFC 7836.

** certtool: when outputting an encrypted private key do not insert the textual description
   of it. This fixes a regression since 3.6.5 (#840).

** API and ABI modifications:
gnutls_aead_cipher_encryptv2: Added
gnutls_aead_cipher_decryptv2: Added

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>;;;.  A list of GnuTLS mirrors can
be found at <http://www.gnutls.org/download.html>;;;.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-help mailing list