[gnutls-help] gnutls 3.6.14

Daiki Ueno ueno at gnu.org
Wed Jun 3 16:01:10 CEST 2020


Hello,
 We've just released gnutls 3.6.14. This is a security and bug fix
release on the stable 3.6.x branch.

We'd like to thank everyone who contributed in this release:
Dmitry Baryshkov, Daiki Ueno, Nikos Mavrogiannopoulos, Steve Lhomme,
Anderson Toshiyuki Sasaki, Pierre Ossman, Tim Rühsen, Bernhard
M. Wiedemann, and rrivers2.

The detailed list of changes follows; they can be seen in more detail
in our milestone tracker:
https://gitlab.com/gnutls/gnutls/-/milestones/28

* Version 3.6.14 (released 2020-06-03)

** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
   The TLS server would not bind the session ticket encryption key with a
   value supplied by the application until the initial key rotation, allowing
   an attacker to bypass authentication in TLS 1.3 and recover previous
   conversations in TLS 1.2 (#1011).
   [GNUTLS-SA-2020-06-03, CVSS: high]

** libgnutls: Fixed handling of certificate chain with cross-signed
   intermediate CA certificates (#1008).

** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

** libgnutls: gnutls_x509_crt_print() is enhanced to recognize commonName
   (2.5.4.3), decode certificate policy OIDs (!1245), and print Authority
   Key Identifier (AKI) properly (#989, #991).

** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

** libgnutls: Added several improvements on Windows Vista and later releases
   (!1257, !1254, !1256). Most notably the system random number generator now
   uses Windows BCrypt* API if available (!1255).

** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
   Also both accelerated and non-accelerated implementations check key block
   according to FIPS-140-2 IG A.9 (!1233).

** libgnutls: Added support for AES-SIV ciphers (#463).

** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

** libgnutls: No longer use internal symbols exported from Nettle (!1235)

** API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added

Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.
A list of GnuTLS mirrors can be found at
<http://www.gnutls.org/download.html>

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.14.tar.xz

Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.14.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
      462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno <ueno at unixuser.org>
uid           [ultimate] Daiki Ueno <ueno at gnu.org>
sub   rsa4096 2010-02-04 [E]

Regards,
-- 
Daiki Ueno, on behalf of the GnuTLS development team
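
One way to pin verification of the tarball to the fingerprint listed in the announcement above, as an added example that is not part of the original message or of GnuTLS's own tooling. The helper names `classify_status` and `verify_release` are hypothetical, and the sample status lines are constructed.

```sh
# Added example (not from the announcement): accept a release signature only
# if it was made by the key whose fingerprint the announcement publishes.
EXPECTED_FPR="462225C3B46F34879FC8496CD605848ED7E69871"  # from the announcement

# classify_status FPR: read `gpg --status-fd` lines on stdin, print a verdict.
# VALIDSIG carries the signing key fingerprint in field 3 and the primary key
# fingerprint in the last field; it is also emitted alongside EXPKEYSIG and
# REVKEYSIG, so VALIDSIG alone is not enough to accept the file.
classify_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]"  { next }
        $2 == "GOODSIG"   { good = 1 }
        $2 == "EXPKEYSIG" { expired = 1 }
        $2 == "REVKEYSIG" { revoked = 1 }
        $2 == "VALIDSIG"  { valid = 1; if ($3 == want || $NF == want) pinned = 1 }
        END {
            if (!valid)       print "no-valid-signature"
            else if (!pinned) print "wrong-key"
            else if (revoked) print "revoked-key"
            else if (expired) print "expired-key"
            else if (good)    print "good"
            else              print "no-valid-signature"
        }'
}

# verify_release TARBALL SIG (hypothetical helper): succeeds only on "good".
verify_release() {
    verdict=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        classify_status "$EXPECTED_FPR")
    echo "$verdict"
    [ "$verdict" = "good" ]
}

# Constructed status output for offline checks (timestamps and user IDs are made up).
VALID_TAIL="2020-06-03 1591192800 0 4 0 1 10 00"
SAMPLE_GOOD="[GNUPG:] GOODSIG D605848ED7E69871 Release Signer <signer@example.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR $VALID_TAIL $EXPECTED_FPR"
SAMPLE_EXPIRED="[GNUPG:] EXPKEYSIG D605848ED7E69871 Release Signer <signer@example.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR $VALID_TAIL $EXPECTED_FPR"
OTHER_FPR="0000111122223333444455556666777788889999"   # constructed, not a real key
SAMPLE_OTHER="[GNUPG:] GOODSIG 6666777788889999 Someone Else <other@example.org>
[GNUPG:] VALIDSIG $OTHER_FPR $VALID_TAIL $OTHER_FPR"
```

Run as `verify_release gnutls-3.6.14.tar.xz gnutls-3.6.14.tar.xz.sig` after importing the signer's key; an `expired-key` verdict means the signature is cryptographically valid but the local copy of the key is past its expiry date.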