- updated to 3.4.0 (released 2015-04-08)
  ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
  ciphersuites. The former are enabled by default, the latter need to be
  explicitly enabled, since they reduce the overall security level.
  ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
  draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
  That is currently provided as technology preview and is not enabled by
  default, since there are no assigned ciphersuite points by IETF and there 
  is no guarrantee of compatibility between draft versions. The ciphersuite
  priority string to enable it is "+CHACHA20-POLY1305".
  ** libgnutls: Added support for encrypt-then-authenticate in CBC
  ciphersuites (RFC7366 -taking into account its errata text). This is
  enabled by default and can be disabled using the %NO_ETM priority
  string.
  ** libgnutls: Added support for the extended master secret
  (triple-handshake fix) following draft-ietf-tls-session-hash-02.
  ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
  ** libgnutls: SSL 3.0 is no longer included in the default priorities
  list. It has to be explicitly enabled, e.g., with a string like
  "NORMAL:+VERS-SSL3.0".
  ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
  list. It has to be explicitly enabled, e.g., with a string like
  "NORMAL:+ARCFOUR-128".
  ** libgnutls: DSA signatures and DHE-DSS are no longer included in the
  default priorities list. They have to be explicitly enabled, e.g., with
  a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
  DSA ciphersuites were dropped because they had no deployment at all
  on the internet, to justify their inclusion.
  ** libgnutls: The priority string EXPORT was completely removed. The string

• Files Changed
• Browse Source