Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 25 |
1 files changed, 14 insertions, 11 deletions
@@ -5,10 +5,10 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2017 Nikos Mavrogiannopoulos See the end for copying conditions. -* Version 3.6.5 (unreleased) +* Version 3.6.5 (released 2018-12-01) ** libgnutls: Provide the option of transparent re-handshake/reauthentication - when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init(). + when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) @@ -18,9 +18,21 @@ See the end for copying conditions. servers which do not support TLS1.3 will negotiate TLS1.2 which will be rejected by the client as disabled (#621). +** libgnutls: Change RSA decryption to use a new side-channel silent function. + This addresses a security issue where memory access patterns as well as timing + on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher + attacks. Side-channel resistant code is slower due to the need to mask + access and timings. When used in TLS the new functions cause RSA based + handshakes to be between 13% and 28% slower on average (Numbers are indicative, + the tests where performed on a relatively modern Intel CPU, results vary + depending on the CPU and architecture used). This change makes nettle 3.4.1 + the minimum requirement of gnutls (#630). [CVSS: medium] + ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword in the priority string. It is only accepted as legacy option and is ignored. +** libgnutls: Added support for EdDSA under PKCS#11 (#417) + ** libgnutls: Added support for AES-CFB8 cipher (#357) ** libgnutls: Added support for AES-CMAC MAC (#351) 
@@ -41,15 +53,6 @@ See the end for copying conditions. ** certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR. -** libgnutls: Change RSA decryption to use a new side-channel silent function. - This addresses a security issue where memory access patterns as well as timing - on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher - attacks. Side-channel resistant code is slower due to the need to mask - access and timings. When used in TLS the new functions cause RSA based - handshakes to be between 13% and 28% slower on average (Numbers are indicative, - the tests where performed on a relatively modern Intel CPU, results vary - depending on the CPU and architecture used). - ** API and ABI modifications: GNUTLS_AUTO_REAUTH: Added GNUTLS_CIPHER_AES_128_CFB8: Added |
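Review bot: in the first hunk, the relocated RSA decryption entry carries a wording defect into its new position: "the tests where performed" should read "were performed", and the parenthetical that opens mid-sentence with a capitalised "Numbers are indicative, the tests ..." would read more cleanly as "(numbers are indicative; the tests were performed on a relatively modern Intel CPU and results vary with the CPU and architecture)". The same entry now states that nettle 3.4.1 becomes the minimum requirement and appends a "[CVSS: medium]" tag; because this diffstat is limited to 'NEWS', the matching build-system version bump cannot be confirmed from this view, and the tag is easier for downstream packagers to act on if the advisory identifier is referenced next to the issue number (#630) once assigned.

Review bot: the second hunk is deletion only, and the removed paragraph is the same text that the first hunk inserts earlier in the file with the nettle 3.4.1 sentence and "(#630)" appended, so the net effect is a move of the security note from just before the "API and ABI modifications" list to the group of libgnutls entries above the CTYPE-OPENPGP item. Given the visible context (the certtool --no-text entry on one side and the 3.6.5 entries on the other) both locations appear to be within the same release section, so the move is consistent; confirm that the relocation was intended as grouping rather than a reordering by severity, since the entry is the only one in the file with a CVSS annotation.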