From 68076057dfd6952a3b7d33f23e20b32072927885 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 7 Jul 2018 19:48:14 +0200 Subject: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos --- NEWS | 49 +++++++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/NEWS b/NEWS index f5ccb42b95..a6e480aace 100644 --- a/NEWS +++ b/NEWS @@ -14,9 +14,11 @@ See the end for copying conditions. and key usage limits. TLS1.3 draft-28 support can be enabled by default if the option --enable-tls13-support is given to configure script. -** libgnutls: Introduced function to switch the current FIPS140-2 operational - mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2 - operations. +** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or + earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings + TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority + strings, then TLS 1.3 negotiation will be disabled if the session is associated + only with an anonymous credentials structure. ** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12, 
@@ -24,31 +26,39 @@ See the end for copying conditions. 256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357), and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836). -** libgnutls: Improve compatibility with TLS1.2 and earlier protocol options under - TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings - TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority - strings, then TLS 1.3 negotiation will be disabled if the session is associated - with an anonymous credentials structure. - -** Provide a uniform cipher list across different protocols; the CAMELLIA ciphers +** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default - priority strings. + priority strings, as they are undefined under TLS1.3 and they provide not advantage + over other options in earlier protocols. + +** libgnutls: Introduced function to switch the current FIPS140-2 operational + mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2 + operations. ** libgnutls: Introduced low-level function to assist applications attempting client hello extension parsing, prior to GnuTLS' parsing of the message. ** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no - modifications to the certificate. That would prevent DER re-encoding issues in - libtasn1, or other DER incompatibilities to affect the verbatim use of a certificate. + modifications to the certificate. That prevents DER re-encoding issues with incorrectly + encoded certificates, or other DER incompatibilities to affect a TLS session. Relates with #403 -** libgnutls: gnutls_privkey_import_ext4() was enhanced with the - GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. - ** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups which are preferred by the server. 
That unfortunately has complicated semantics as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering, - making group order unpredictable under TLS1.3. + which could make group order unpredictable if TLS1.3 is negotiated. + +** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen + and Adi Shamir reported that the existing counter-measures had certain issues and + were insufficient under a new Lucky13-type of attack which shares the cache and + chosen-plaintext. This affected the legacy CBC ciphersuites when the encrypt-then-MAC + TLS feature was not supported by the peer. + +** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation + of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. + +** libgnutls: gnutls_privkey_import_ext4() was enhanced with the + GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. ** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default @@ -57,11 +67,6 @@ See the end for copying conditions. ** libgnutls: improved aarch64 cpu features detection by using getauxval(). -** Improved counter-measures for TLS CBC record padding, when encrypt-then-MAC - mode is not used. Introduced the %FORCE_ETM priority string option. This option - prevents the negotiation of legacy CBC ciphersuites unless encrypt-then-mac - is negotiated as well. - ** certtool: It is now possible to specify certificate and serial CRL numbers greater than 2**63-2 as a hex-encoded string both when prompted and in a template file. Default certificate serial numbers are now fully random. Default CRL -- cgit v1.2.1
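Review bot: the first hunk (@@ -14,9 +14,11 @@) carries over a typo in the added TLS 1.3 compatibility entry: "TLS 1.3 is will be disabled" should read "TLS 1.3 will be disabled". The same entry also mixes "TLS1.2"/"TLS1.3" with "TLS 1.3" within three lines; since this is a user-facing NEWS file, pick one spelling (the rest of the file uses "TLS1.3") so readers searching the file find all related entries. The relocated wording "associated only with an anonymous credentials structure" is clearer than the original "associated with", so keeping that change is a good call.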
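Review bot: the second hunk (@@ -24,31 +26,39 @@) introduces several wording defects in the added lines. "they provide not advantage over other options" should be "they provide no advantage over other options"; "That prevents DER re-encoding issues ... or other DER incompatibilities to affect a TLS session" needs "from affecting a TLS session"; and "Relates with #403" is normally "Relates to #403". The new Lucky13 entry, "a new Lucky13-type of attack which shares the cache and chosen-plaintext", does not say what is shared with whom; something like "an attack that combines a shared cache with chosen plaintext" states the threat model more precisely. Finally, the hunk spells the feature both "encrypt-then-MAC" and "encrypt-then-mac" in adjacent entries; use one form, and consider naming the %FORCE_ETM entry's relationship to the preceding counter-measure entry so users understand that the option is the mitigation for deployments where the peer does not negotiate encrypt-then-MAC.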
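Review bot: the third hunk (@@ -57,11 +67,6 @@) removes the original CBC counter-measure entry, which is acceptable since its content is re-added above, but the relocation changes the stated condition. The removed text said the counter-measures apply "when encrypt-then-MAC mode is not used", while the new entry says "when the encrypt-then-MAC TLS feature was not supported by the peer". Those are not equivalent: encrypt-then-MAC is also not used when the local side disables it or the extension is not negotiated for some other reason. Unless the narrower claim is intentional, suggest wording the new entry as "when encrypt-then-MAC was not negotiated", which covers both cases and matches what %FORCE_ETM actually enforces.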