[gnutls-help] gnutls 3.7.2
ueno at gnu.org
Sat May 29 10:54:52 CEST 2021
We've just released gnutls 3.7.2. This is a bug fix and enhancement
release on the 3.7.x branch.
We'd like to thank everyone who contributed in this release:
Alexander Sosedkin, Andreas Metzler, Daiki Ueno, Daniel Kahn Gillmor,
František Krenželok, Leonardo Bras, Ludovic Courtès, Ruslan
N. Marchenko, and Stephan Mueller.
The detailed list of changes follows:
* Version 3.7.2 (released 2021-05-29)
** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
to disable TLS 1.3 middlebox compatibility mode
** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
This can be enabled with --enable-afalg configure option, when libkcapi
package is installed (#308).
** libgnutls: Fixed timing of early data exchange. Previously, the client was
sending early data after receiving Server Hello, which not only negates the
benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
same ciphersuite is selected in initial and resumption handshake) (#1146).
** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
copied from the signing CA by default (#1126).
** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
deprecated and will be removed in the future releases.
** certtool: When producing certificates and certificate requests, subject DN
components that are provided individually will now be ordered by
assumed scale (e.g. Country before State, Organization before
OrganizationalUnit). This change also affects the order in which
certtool prompts interactively. Please rely on the template
mechanism for automated use of certtool! (#1243)
** API and ABI modifications:
Getting the Software
GnuTLS may be downloaded directly from <
A list of GnuTLS mirrors can be found at <
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:
Note that it has been signed with my openpgp key:
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
uid [ultimate] Daiki Ueno <ueno at unixuser.org>
uid [ultimate] Daiki Ueno <ueno at gnu.org>
sub rsa4096 2010-02-04 [E]
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 832 bytes
Desc: not available
More information about the Gnutls-help