diff options
author | Simon Josefsson <simon@josefsson.org> | 2022-10-31 21:24:01 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2022-10-31 21:24:01 +0100 |
commit | 97c9d231eb9ba6e6043c603bf400d7f0e92ff7f7 (patch) | |
tree | 087ca29855fb9154e6a4ecda0bbe5d2c92d32e38 /doc | |
parent | f5dcbdb46df52458e3756193c2a23bf558a3ecfd (diff) | |
download | gnutls-97c9d231eb9ba6e6043c603bf400d7f0e92ff7f7.tar.gz |
Drop stale doc/announce.txt.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/announce.txt | 294 |
1 files changed, 0 insertions, 294 deletions
diff --git a/doc/announce.txt b/doc/announce.txt deleted file mode 100644 index 942cf20a8b..0000000000 --- a/doc/announce.txt +++ /dev/null @@ -1,294 +0,0 @@ -To: gnutls-help@lists.gnutls.org, gnutls-devel@lists.gnutls.org -Bcc: coordinator@translationproject.org -Subject: GnuTLS 3.4.0 released -<#part sign=pgpmime> -We are proud to announce a new GnuTLS release: Version 3.4.0. - -GnuTLS is a modern C library that implements the standard network -security protocol Transport Layer Security (TLS), for use by network -applications. GnuTLS is developed for GNU/Linux, but works on many -Unix-like systems and as well as Windows. - -The GnuTLS library is distributed under the terms of the GNU Lesser -General Public License version 2 (or later). The "extra" GnuTLS -library (which contains), the OpenSSL compatibility library, the self tests -and the command line tools are all distributed under the GNU General -Public License version 3.0 (or later). The manual is distributed -under the GNU Free Documentation License version 1.3 (or later). - -The project page of the library is available at: - https://www.gnutls.org/ - -What's New -========== - -Version 3.4.0 is the first stable release on the 3.4.x branch and is -the result of a year of planning and work [0] on the git master branch. -The GnuTLS 3.4.x branch is marked as stable-next, meaning it is considered -of stable quality but will not yet replace the current stable releases -based on 3.3.0, which will continue to be supported. - -[0]. https://gitlab.com/gnutls/gnutls/wikis/Plan3_4 - - -* Version 3.4.0 - -** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) -ciphersuites. The former are enabled by default, the latter need to be -explicitly enabled, since they reduce the overall security level. - -** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following -draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. -That is currently provided as technology preview and is not enabled by -default, since there are no assigned ciphersuite points by IETF and there -is no guarantee of compatibility between draft versions. The ciphersuite -priority string to enable it is "+CHACHA20-POLY1305". - -** libgnutls: Added support for encrypt-then-authenticate in CBC -ciphersuites (RFC7366 -taking into account its errata text). This is -enabled by default and can be disabled using the %NO_ETM priority -string. - -** libgnutls: Added support for the extended master secret -(triple-handshake fix) following draft-ietf-tls-session-hash-02. - -** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). - -** libgnutls: SSL 3.0 is no longer included in the default priorities -list. It has to be explicitly enabled, e.g., with a string like -"NORMAL:+VERS-SSL3.0". - -** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities -list. It has to be explicitly enabled, e.g., with a string like -"NORMAL:+ARCFOUR-128". - -** libgnutls: DSA signatures and DHE-DSS are no longer included in the -default priorities list. They have to be explicitly enabled, e.g., with -a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The -DSA ciphersuites were dropped because they had no deployment at all -on the internet, to justify their inclusion. - -** libgnutls: The priority string EXPORT was completely removed. The string -was already defunc as support for the EXPORT ciphersuites was removed in -GnuTLS 3.2.0. - -** libgnutls: Added API to utilize system specific private keys in -"gnutls/system-keys.h". It is currently provided as technology preview -and is restricted to windows CNG keys. - -** libgnutls: gnutls_x509_crt_check_hostname() and friends will use -RFC6125 comparison of hostnames. That introduces a dependency on libidn. - -** libgnutls: Depend on p11-kit 0.23.1 to comply with the final -PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). - -** libgnutls: Depend on nettle 3.1. - -** libgnutls: Use getrandom() or getentropy() when available. That -avoids the complexity of file descriptor handling and issues with -applications closing all open file descriptors on startup. - -** libgnutls: Use pthread_atfork() to detect fork when available. - -** libgnutls: The gnutls_handshake() process will enforce a timeout by -default. - -** libgnutls: If a key purpose (extended key usage) is specified for verification, -it is applied into intermediate certificates. The verification result -GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. - -** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in -combination with PKCS #11, or TPM URLs, it will utilize the provided -password as PIN if required. That removes the requirement for the -application to set a callback for PINs in that case. - -** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are -restricted to the corresponding protocols only, and the VERS-ALL -string is introduced to catch all possible protocols. - -** libgnutls: Added helper functions to obtain information on PKCS #8 -structures. - -** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t -will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. - -** libgnutls: Added functions to export and set the record state. That -allows for gnutls_record_send() and recv() to be offloaded (to kernel, -hardware or any other subsystem). - -** libgnutls: Added the ability to register application specific URL -types, which express certificates and keys using gnutls_register_custom_url(). - -** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., -to override AES-GCM using a system-specific accelerator. That is, (crypto.h) -gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), -gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). - -** libgnutls: Added gnutls_ext_register() to register custom extensions. -Contributed by Thierry Quemerais. - -** libgnutls: Added gnutls_supplemental_register() to register custom -supplemental data handshake messages. Contributed by Thierry Quemerais. - -** libgnutls-openssl: it is no longer built by default. - -** certtool: Added --p8-info option, which will print PKCS #8 information -even if the password is not available. - -** certtool: --key-info option will print PKCS #8 encryption information -when available. - -** certtool: Added the --key-id and --fingerprint options. - -** certtool: Added the --verify-hostname, --verify-email and --verify-purpose -options to be used in certificate chain verification, to simulate verification -for specific hostname and key purpose (extended key usage). - -** certtool: --p12-info option will print PKCS #12 MAC and cipher information -when available. - -** certtool: it will print the A-label (ACE) names in addition to UTF-8. - -** p11tool: added options --set-id and --set-label. - -** gnutls-cli: added options --priority-list and --save-cert. - -** guile: Deprecated priority API has been removed. The old priority API, -which had been deprecated for some time, is now gone; use 'set-session-priorities!' -instead. - -** guile: Remove RSA parameters and related procedures. This API had been -deprecated. - -** guile: Fix compilation on MinGW. Previously only the static version of the -'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. - -** API and ABI modifications: -gnutls_record_get_state: Added -gnutls_record_set_state: Added -gnutls_aead_cipher_init: Added -gnutls_aead_cipher_decrypt: Added -gnutls_aead_cipher_encrypt: Added -gnutls_aead_cipher_deinit: Added -gnutls_pkcs12_generate_mac2: Added -gnutls_pkcs12_mac_info: Added -gnutls_pkcs12_bag_enc_info: Added -gnutls_pkcs8_info: Added -gnutls_pkcs_schema_get_name: Added -gnutls_pkcs_schema_get_oid: Added -gnutls_pcert_export_x509: Added -gnutls_pcert_export_openpgp: Added -gnutls_pcert_import_x509_list: Added -gnutls_pkcs11_privkey_cpy: Added -gnutls_x509_crq_get_signature_algorithm: Added -gnutls_x509_trust_list_iter_get_ca: Added -gnutls_x509_trust_list_iter_deinit: Added -gnutls_x509_trust_list_get_issuer_by_dn: Added -gnutls_pkcs11_get_raw_issuer_by_dn: Added -gnutls_certificate_get_trust_list: Added -gnutls_privkey_export_x509: Added -gnutls_privkey_export_pkcs11: Added -gnutls_privkey_export_openpgp: Added -gnutls_privkey_import_ext3: Added -gnutls_certificate_get_x509_key: Added -gnutls_certificate_get_x509_crt: Added -gnutls_certificate_get_openpgp_key: Added -gnutls_certificate_get_openpgp_crt: Added -gnutls_record_discard_queued: Added -gnutls_session_ext_master_secret_status: Added -gnutls_priority_string_list: Added -gnutls_dh_params_import_raw2: Added -gnutls_memset: Added -gnutls_memcmp: Added -gnutls_pkcs12_bag_set_privkey: Added -gnutls_ocsp_resp_get_responder_raw_id: Added -gnutls_system_key_iter_deinit: Added -gnutls_system_key_iter_get_info: Added -gnutls_system_key_delete: Added -gnutls_system_key_add_x509: Added -gnutls_system_recv_timeout: Added -gnutls_register_custom_url: Added -gnutls_pkcs11_obj_list_import_url3: Added -gnutls_pkcs11_obj_list_import_url4: Added -gnutls_pkcs11_obj_set_info: Added -gnutls_crypto_register_cipher: Added -gnutls_crypto_register_aead_cipher: Added -gnutls_crypto_register_mac: Added -gnutls_crypto_register_digest: Added -gnutls_ext_register: Added -gnutls_supplemental_register: Added -gnutls_supplemental_recv: Added -gnutls_supplemental_send: Added -gnutls_openpgp_crt_check_email: Added -gnutls_x509_crt_check_email: Added -gnutls_handshake_set_hook_function: Modified -gnutls_pkcs11_privkey_generate3: Added -gnutls_pkcs11_copy_x509_crt2: Added -gnutls_pkcs11_copy_x509_privkey2: Added -gnutls_pkcs11_obj_list_import_url: Removed -gnutls_pkcs11_obj_list_import_url2: Removed -gnutls_certificate_client_set_retrieve_function: Removed -gnutls_certificate_server_set_retrieve_function: Removed -gnutls_certificate_set_rsa_export_params: Removed -gnutls_certificate_type_set_priority: Removed -gnutls_cipher_set_priority: Removed -gnutls_compression_set_priority: Removed -gnutls_kx_set_priority: Removed -gnutls_mac_set_priority: Removed -gnutls_protocol_set_priority: Removed -gnutls_rsa_export_get_modulus_bits: Removed -gnutls_rsa_export_get_pubkey: Removed -gnutls_rsa_params_cpy: Removed -gnutls_rsa_params_deinit: Removed -gnutls_rsa_params_export_pkcs1: Removed -gnutls_rsa_params_export_raw: Removed -gnutls_rsa_params_generate2: Removed -gnutls_rsa_params_import_pkcs1: Removed -gnutls_rsa_params_import_raw: Removed -gnutls_rsa_params_init: Removed -gnutls_sign_callback_get: Removed -gnutls_sign_callback_set: Removed -gnutls_x509_crt_verify_data: Removed -gnutls_x509_crt_verify_hash: Removed -gnutls_pubkey_get_verify_algorithm: Removed -gnutls_x509_crt_get_verify_algorithm: Removed -gnutls_pubkey_verify_hash: Removed -gnutls_pubkey_verify_data: Removed -gnutls_record_set_max_empty_records: Removed - -guile: -set-session-cipher-priority!: Removed -set-session-mac-priority!: Removed -set-session-compression-method-priority!: Removed -set-session-kx-priority!: Removed -set-session-protocol-priority!: Removed -set-session-certificate-type-priority!: Removed -set-session-default-priority!: Removed -set-session-default-export-priority!: Removed -make-rsa-parameters: Removed -rsa-parameters?: Removed -set-certificate-credentials-rsa-export-parameters!: Removed -pkcs1-import-rsa-parameters: Removed -pkcs1-export-rsa-parameters: Removed - - -Community -========= - -If you need help to use GnuTLS, or want to help others, you are invited -to join our help-gnutls mailing list, see: - - https://lists.gnutls.org/mailman/listinfo/gnutls-help - -If you wish to participate in the development of GnuTLS, you are invited -to join our gnutls-dev mailing list, see: - - https://lists.gnutls.org/mailman/listinfo/gnutls-dev - -Internationalization -==================== - -The GnuTLS library messages have been translated into Czech, Dutch, -French, German, Italian, Malay, Polish, Simplified Chinese, Swedish, -and Vietnamese. We welcome the addition of more translations. - |