1. Forum
  2. Usenet
  3. COMP.UNIX.BSD.OPENBSD.ANN

  • LibreSSL 3.1.1 released

    From Brent Cook@21:1/5 to All on Tue May 12 12:00:02 2020
    Copy: libressl@openbsd.org

    We have released LibreSSL 3.1.1, which will be arriving in the
    LibreSSL directory of your local OpenBSD mirror soon.

    This is the first stable release from the 3.1 series, which is included
    with OpenBSD 6.7. It includes the following changes from 3.0:

    * New Features
    - Completed initial TLS 1.3 implementation with a completely new state
    machine and record layer. TLS 1.3 is now enabled by default for the client
    side, with the server side to be enabled in a future release. Note that
    the OpenSSL TLS 1.3 API is not yet visible/available.
    - Improved cipher suite handling to automatically include TLSv1.3 cipher
    suites when they are not explicitly referred to in the cipher string.
    - Provided TLSv1.3 cipher suite aliases to match the names used in RFC 8446.
    - Added cms subcommand to openssl(1).
    - Added -addext option to openssl(1) req subcommand.
    - Added -groups option to openssl(1) s_server subcommand.
    - Added TLSv1.3 extension types to openssl(1) -tlsextdebug.

    * API and Documentation Enhancements
    - Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
    - Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
    1.1.1 and enabled by default.

    * Compatibility Changes
    - Improved compatibility by backporting functionality and documentation from
    OpenSSL 1.1.1.
    - Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.

    * Testing and Proactive Security:
    - Added many new additional crypto test vectors.
    - Fix to disallow setting the AES-GCM IV length to zero.

    * Internal Improvements
    - Many more code cleanups, fixes, and improvements to memory handling and
    protocol parsing.

    * Portable Improvements
    - Default CA bundle location is now configurable in portable builds.
    - Improved portable builds to support for use of static MSVC runtimes.
    - Fixed portable builds to avoid exporting a sleep() symbol.

    * Bug Fixes
    - Fixed printing the serialNumber with X509_print_ex() fall back to the
    colon separated hex bytes in case greater than int value.

    The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)