[gnutls-help] gnutls 3.7.2

Daiki Ueno ueno at gnu.org
Sat May 29 10:54:52 CEST 2021

 We've just released gnutls 3.7.2. This is a bug fix and enhancement
release on the 3.7.x branch.

We'd like to thank everyone who contributed in this release:
Alexander Sosedkin, Andreas Metzler, Daiki Ueno, Daniel Kahn Gillmor,
František Krenželok, Leonardo Bras, Ludovic Courtès, Ruslan
N. Marchenko, and Stephan Mueller.

The detailed list of changes follows:

* Version 3.7.2 (released 2021-05-29)

** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
   to disable TLS 1.3 middlebox compatibility mode

** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
   This can be enabled with --enable-afalg configure option, when libkcapi
   package is installed (#308).

** libgnutls: Fixed timing of early data exchange. Previously, the client was
   sending early data after receiving Server Hello, which not only negates the
   benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
   same ciphersuite is selected in initial and resumption handshake) (#1146).

** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
   copied from the signing CA by default (#1126).

** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
   GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
   deprecated and will be removed in the future releases.

** certtool: When producing certificates and certificate requests, subject DN
   components that are provided individually will now be ordered by
   assumed scale (e.g. Country before State, Organization before
   OrganizationalUnit).  This change also affects the order in which
   certtool prompts interactively.  Please rely on the template
   mechanism for automated use of certtool! (#1243)

** API and ABI modifications:
gnutls_early_cipher_get: Added
gnutls_early_prf_hash_get: Added

Getting the Software

GnuTLS may be downloaded directly from <
A list of GnuTLS mirrors can be found at <

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:


Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
uid           [ultimate] Daiki Ueno <ueno at unixuser.org>
uid           [ultimate] Daiki Ueno <ueno at gnu.org>
sub   rsa4096 2010-02-04 [E]

Daiki Ueno

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210529/104682e0/attachment.sig>

More information about the Gnutls-help mailing list