[gnutls-help] gnutls 3.7.8

Alexander Sosedkin monk at unboiled.info
Tue Sep 27 18:29:55 CEST 2022


Hello,

We have just released gnutls-3.7.8.
This is a bug fix and enhancement release on the 3.7.x branch.

We would like to thank everyone who contributed in this release:

Alexander Sosedkin, Andreas Metzler, Daiki Ueno, Doug Nazar,
František Krenželok, Martin Storsjö, Simon Josefsson, Stanislav Zidek,
Tobias Heider and Zoltán Fridrich.

The detailed list of changes follows:

* Version 3.7.8 (released 2022-09-27)

** libgnutls: In FIPS140 mode, RSA signature verification is an approved
   operation if the key has modulus with known sizes (1024, 1280,
   1536, and 1792 bits), in addition to any modulus sizes larger than
   2048 bits, according to SP800-131A rev2.

** libgnutls: gnutls_session_channel_binding performs additional checks when
   GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
   "tls-exporter" channel binding is only usable when the handshake is
   bound to a unique master secret (i.e., either TLS 1.3 or extended
   master secret extension is negotiated). Otherwise the function now
   returns error.

** libgnutls: usage of the following functions, which are designed to
   loosen restrictions imposed by allowlisting mode of configuration,
   has been additionally restricted. Invoking them is now only allowed
   if system-wide TLS priority string has not been initialized yet:
     gnutls_digest_set_secure
     gnutls_sign_set_secure
     gnutls_sign_set_secure_for_certs
     gnutls_protocol_set_enabled

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.8.tar.xz

Here are OpenPGP detached signatures signed using keys:
E987AB7F7E89667776D05B3BB0E9DD20B29F1432,
5D46CB0F763405A7053556F47A75A648B3F9220C
and
462225C3B46F34879FC8496CD605848ED7E69871:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.8.tar.xz.sig

Note that it has been signed with my OpenPGP key:
pub   rsa4096 2016-09-27 [SC]
      E987AB7F7E89667776D05B3BB0E9DD20B29F1432
uid           [ultimate] Alexander Sosedkin <monk at unboiled.info>
sub   rsa4096 2016-09-27 [E]
sub   rsa4096 2016-09-27 [S]

Zoltán Fridrich's OpenPGP key:
pub   ed25519 2021-12-23 [SC] [expires: 2023-12-23]
      5D46CB0F763405A7053556F47A75A648B3F9220C
uid           [ultimate] Zoltan Fridrich <zfridric at redhat.com>
sub   cv25519 2021-12-23 [E] [expires: 2023-12-23]

and Daiki Ueno's OpenPGP key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
      462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno <ueno at unixuser.org>
uid           [ultimate] Daiki Ueno <ueno at gnu.org>
sub   rsa4096 2010-02-04 [E]

Regards,
Alexander
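
One way to check the detached signature against the three fingerprints listed in this announcement, as an added example that is not part of the original message or of the GnuTLS project's tooling. The function name and the sample status lines are constructed for illustration; it assumes GnuPG's documented `VALIDSIG` status-line layout, where the primary key fingerprint is the last argument.

```shell
#!/bin/sh
# Added example: count signatures made by the release keys named in the
# announcement. Fingerprints are copied from the message above.
TRUSTED_FPRS="E987AB7F7E89667776D05B3BB0E9DD20B29F1432 \
5D46CB0F763405A7053556F47A75A648B3F9220C \
462225C3B46F34879FC8496CD605848ED7E69871"

# Reads `gpg --status-fd` output on stdin and prints how many distinct
# announced primary keys produced a VALIDSIG line. BADSIG/ERRSIG lines and
# valid signatures from any other key are ignored.
count_trusted_validsig() {
    awk -v trusted="$TRUSTED_FPRS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key, field 12 the primary key.
            fpr = toupper((NF >= 12) ? $12 : $3)
            if ((fpr in ok) && !(fpr in seen)) { seen[fpr] = 1; count++ }
        }
        END { print count + 0 }
    '
}

# Constructed sample status output (not real gpg output for this release):
# one signature by a subkey of a listed key, one by a listed primary key,
# one valid signature from an unlisted key, and one bad signature.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2022-09-27 1664295000 0 4 0 1 10 00 E987AB7F7E89667776D05B3BB0E9DD20B29F1432
[GNUPG:] VALIDSIG 5D46CB0F763405A7053556F47A75A648B3F9220C 2022-09-27 1664295001 0 4 0 22 10 00 5D46CB0F763405A7053556F47A75A648B3F9220C
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2022-09-27 1664295002 0 4 0 1 10 00 2222222222222222222222222222222222222222
[GNUPG:] BADSIG 3333333333333333 constructed user id'

printf '%s\n' "$SAMPLE_STATUS" | count_trusted_validsig   # prints 2

# Against the real files, after importing the three keys:
#   gpg --status-fd 1 --verify gnutls-3.7.8.tar.xz.sig gnutls-3.7.8.tar.xz \
#       2>/dev/null | count_trusted_validsig
```

A result of 0 means no signature from a key listed in the announcement verified, even if gpg reported a good signature from some other key in the keyring.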