summaryrefslogtreecommitdiff
path: root/doc/cha-upgrade.texi
blob: 28c9249a7de889aa6fc2a24391b9195c01404dcc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
@node Upgrading from previous versions
@appendix Upgrading from previous versions
@cindex upgrading

The GnuTLS library typically maintains binary and source code compatibility
across versions. The releases that have the major version increased
break binary compatibility but source compatibility is provided.
This section lists exceptional cases where changes to existing code are
required due to library changes.

@heading Upgrading to 2.12.x from previous versions

GnuTLS 2.12.x is binary compatible with previous versions but changes the
semantics of @funcintref{gnutls_transport_set_lowat}, which might cause breakage
in applications that relied on its default value be 1. Two fixes
are proposed:
@itemize
@item  Quick fix. Explicitly call @code{gnutls_transport_set_lowat (session, 1);}
after @funcref{gnutls_init}.
@item Long term fix. Because later versions of gnutls abolish the functionality 
of using the system call @funcintref{select} to check for gnutls pending data, the 
function @funcref{gnutls_record_check_pending} has to be used to achieve the same 
functionality as described in @ref{Asynchronous operation}.
@end itemize

@heading Upgrading to 3.0.x from 2.12.x

GnuTLS 3.0.x is source compatible with previous versions except for the functions
listed below.

@multitable @columnfractions .30 .60
@headitem Old function @tab Replacement

@item @funcintref{gnutls_transport_set_lowat} @tab
To replace its functionality the function @funcref{gnutls_record_check_pending} has to be used,
as described in @ref{Asynchronous operation}

@item @funcintref{gnutls_session_get_server_random},
@funcintref{gnutls_session_get_client_random} 
@tab 
They are replaced by the safer function @funcref{gnutls_session_get_random}

@item @funcintref{gnutls_session_get_master_secret} 
@tab Replaced by the keying material exporters discussed in @ref{Deriving keys for other applications/protocols}

@item @funcintref{gnutls_transport_set_global_errno}
@tab Replaced by using the system's errno facility or @funcref{gnutls_transport_set_errno}.

@item @funcintref{gnutls_x509_privkey_verify_data}
@tab Replaced by @funcref{gnutls_pubkey_verify_data2}.

@item @funcintref{gnutls_certificate_verify_peers}
@tab Replaced by @funcref{gnutls_certificate_verify_peers2}.

@item @funcintref{gnutls_psk_netconf_derive_key}
@tab Removed. The key derivation function was never standardized.

@item @funcintref{gnutls_session_set_finished_function}
@tab Removed.

@item @funcintref{gnutls_ext_register}
@tab Removed. Extension registration API is now internal to allow easier changes in the API.

@item @funcintref{gnutls_certificate_get_x509_crls}, @funcintref{gnutls_certificate_get_x509_cas}
@tab Removed to allow updating the internal structures. Replaced by @funcref{gnutls_certificate_get_issuer}.

@item @funcintref{gnutls_certificate_get_openpgp_keyring}
@tab Removed.

@item @funcintref{gnutls_ia_}
@tab Removed. The inner application extensions were completely removed (they failed to be standardized).

@end multitable

@heading Upgrading to 3.1.x from 3.0.x

GnuTLS 3.1.x is source and binary compatible with GnuTLS 3.0.x releases. Few
functions have been deprecated and are listed below.

@multitable @columnfractions .30 .60
@headitem Old function @tab Replacement

@item @funcintref{gnutls_pubkey_verify_hash} 
@tab The function @funcref{gnutls_pubkey_verify_hash2} is provided and
is functionally equivalent and safer to use.

@item @funcintref{gnutls_pubkey_verify_data} 
@tab The function @funcref{gnutls_pubkey_verify_data2} is provided and
is functionally equivalent and safer to use.

@end multitable

@heading Upgrading to 3.2.x from 3.1.x

GnuTLS 3.2.x is source and binary compatible with GnuTLS 3.1.x releases. Few
functions have been deprecated and are listed below.

@multitable @columnfractions .30 .60
@headitem Old function @tab Replacement

@item @funcintref{gnutls_privkey_sign_raw_data} 
@tab The function @funcref{gnutls_privkey_sign_hash} is equivalent
when the flag @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} is specified.

@end multitable

@heading Upgrading to 3.3.x from 3.2.x

GnuTLS 3.3.x is source and binary compatible with GnuTLS 3.2.x releases;
however there few changes in semantics which are listed below.

@multitable @columnfractions .30 .60
@headitem Old function @tab Replacement

@item @funcintref{gnutls_global_init} 
@tab No longer required. The library is initialized using a constructor.

@item @funcintref{gnutls_global_deinit} 
@tab No longer required. The library is deinitialized using a destructor.

@end multitable

@heading Upgrading to 3.4.x from 3.3.x

GnuTLS 3.4.x is source compatible with GnuTLS 3.3.x releases;
however, several deprecated functions were removed, and are listed below.

@multitable @columnfractions .30 .60
@headitem Old function @tab Replacement

@item Priority string "NORMAL" has been modified
@tab The following string emulates the 3.3.x behavior "NORMAL:+VERS-SSL3.0:+ARCFOUR-128:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"

@item @funcintref{gnutls_certificate_client_set_retrieve_function},
@funcintref{gnutls_certificate_server_set_retrieve_function}
@tab @funcref{gnutls_certificate_set_retrieve_function}

@item @funcintref{gnutls_certificate_set_rsa_export_params},
@funcintref{gnutls_rsa_export_get_modulus_bits},
@funcintref{gnutls_rsa_export_get_pubkey},
@funcintref{gnutls_rsa_params_cpy},
@funcintref{gnutls_rsa_params_deinit},
@funcintref{gnutls_rsa_params_export_pkcs1},
@funcintref{gnutls_rsa_params_export_raw},
@funcintref{gnutls_rsa_params_generate2},
@funcintref{gnutls_rsa_params_import_pkcs1},
@funcintref{gnutls_rsa_params_import_raw},
@funcintref{gnutls_rsa_params_init}
@tab No replacement; the library does not support the RSA-EXPORT ciphersuites.

@item @funcintref{gnutls_pubkey_verify_hash},
@tab @funcref{gnutls_pubkey_verify_hash2}.

@item @funcintref{gnutls_pubkey_verify_data},
@tab @funcref{gnutls_pubkey_verify_data2}.

@item @funcintref{gnutls_x509_crt_get_verify_algorithm},
@tab No replacement; a similar function is @funcref{gnutls_x509_crt_get_signature_algorithm}.

@item @funcintref{gnutls_pubkey_get_verify_algorithm},
@tab No replacement; a similar function is @funcref{gnutls_pubkey_get_preferred_hash_algorithm}.

@item @funcintref{gnutls_certificate_type_set_priority},
@funcintref{gnutls_cipher_set_priority},
@funcintref{gnutls_compression_set_priority},
@funcintref{gnutls_kx_set_priority},
@funcintref{gnutls_mac_set_priority},
@funcintref{gnutls_protocol_set_priority}
@tab @funcref{gnutls_priority_set_direct}.

@item @funcintref{gnutls_sign_callback_get},
@funcintref{gnutls_sign_callback_set}
@tab @funcref{gnutls_privkey_import_ext3}

@item @funcintref{gnutls_x509_crt_verify_hash}
@tab @funcref{gnutls_pubkey_verify_hash2}

@item @funcintref{gnutls_x509_crt_verify_data}
@tab @funcref{gnutls_pubkey_verify_data2}

@item @funcintref{gnutls_privkey_sign_raw_data}
@tab @funcref{gnutls_privkey_sign_hash} with the flag GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA

@end multitable

@heading Upgrading to 3.6.x from 3.5.x

GnuTLS 3.6.x is source and binary compatible with GnuTLS 3.5.x releases;
however, there are minor differences, listed below.

@multitable @columnfractions .30 .60
@headitem Old functionality @tab Replacement

@item The priority strings "+COMP" are a no-op
@tab TLS compression is no longer available.

@item The SSL 3.0 protocol is a no-op
@tab SSL 3.0 is no longer compiled in by default. It is a legacy protocol
which is completely eliminated from public internet. As such it was removed
to reduce the attack vector for applications using the library.

@item The hash function SHA2-224 is a no-op for TLS1.2
@tab TLS 1.3 no longer uses SHA2-224, and it was never a widespread hash
algorithm. As such it was removed for simplicity.

@item The SRP key exchange accepted parameters outside the @xcite{TLSSRP} spec
@tab The SRP key exchange is restricted to @xcite{TLSSRP} spec parameters
to protect clients from MitM attacks.

@item The compression-related functions are deprecated
@tab No longer use @funcintref{gnutls_compression_get},
@funcintref{gnutls_compression_get_name}, @funcintref{gnutls_compression_list},
and @funcintref{gnutls_compression_get_id}.

@item @funcref{gnutls_x509_crt_sign}, @funcref{gnutls_x509_crl_sign}, @funcref{gnutls_x509_crq_sign}
@tab These signing functions will no longer sign using SHA1, but with a secure hash algorithm.

@item @funcref{gnutls_certificate_set_ocsp_status_request_file}
@tab This function will return an error if the loaded response doesn't match
any of the present certificates. To revert to previous semantics set the @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK}
flag using @funcref{gnutls_certificate_set_flags}.

@item The callback @funcref{gnutls_privkey_import_ext3} is not flexible enough for new signature algorithms such as RSA-PSS
@tab It is replaced with @funcref{gnutls_privkey_import_ext4}

@item Re-handshake functionality is not applicable under TLS 1.3.
@tab It is replaced by separate key update and re-authentication functionality
which can be accessed directly via @funcref{gnutls_session_key_update} and @funcref{gnutls_reauth}.

@item TLS session identifiers are not shared with the server under TLS 1.3.
@tab The TLS session identifiers are persistent across resumption only on
server side and can be obtained as before via @funcref{gnutls_session_get_id2}.

@item @funcref{gnutls_pkcs11_privkey_generate3}, @funcref{gnutls_pkcs11_copy_secret_key}, @funcref{gnutls_pkcs11_copy_x509_privkey2}
@tab These functions no longer create an exportable key by default; they require the flag @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} to do so.

@item @funcref{gnutls_db_set_retrieve_function}, @funcref{gnutls_db_set_store_function}, @funcref{gnutls_db_set_remove_function}
@tab These functions are no longer relevant under TLS 1.3; resumption under
TLS 1.3 is done via session tickets, c.f. @funcref{gnutls_session_ticket_enable_server}.

@item @funcref{gnutls_session_get_data2}, @funcref{gnutls_session_get_data}
@tab These functions may introduce a slight delay under TLS 1.3 for few
milliseconds. Check output of @funcref{gnutls_session_get_flags} for GNUTLS_SFLAGS_SESSION_TICKET
before calling this function to avoid delays.

@item SRP and RSA-PSK key exchanges are not supported under TLS 1.3
@tab SRP and RSA-PSK key exchanges are not supported in TLS 1.3, so when these key exchanges are present in a priority string, TLS 1.3 is disabled.

@item Anonymous key exchange is not supported under TLS 1.3
@tab There is no anonymous key exchange supported under TLS 1.3, so if an anonymous key exchange method is set in a priority string, and no certificate credentials are set in the client or server, TLS 1.3 will not be negotiated.

@item ECDHE-PSK and DHE-PSK keywords have the same meaning under TLS 1.3
@tab In the priority strings, both @code{ECDHE@-PSK} and @code{DHE@-PSK} indicate the intent to support an ephemeral key exchange with the pre-shared key.  The parameters of the key exchange are negotiated with the supported groups specified in the priority string.

@item Authentication-only ciphersuites are not supported under TLS 1.3
@tab Ciphersuites with the @code{NULL} cipher (i.e., authentication-only) are not supported in TLS 1.3, so when they are specified in a priority string, TLS 1.3 is disabled.

@item Supplemental data is not supported under TLS 1.3
@tab The TLS supplemental data handshake message (RFC 4680) is not supported under TLS 1.3, so if the application calls @funcref{gnutls_supplemental_register} or @funcref{gnutls_session_supplemental_register}, TLS 1.3 is disabled.

@end multitable