- Update to 3.6.6
** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
on the public key (#640).
** libgnutls: Added support for raw public-key authentication as defined in RFC7250.
Raw public-keys can be negotiated by enabling the corresponding certificate
types via the priority strings. The raw public-key mechanism must be explicitly
enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
** libgnutls: When on server or client side we are sending no extensions we do
not set an empty extensions field but we rather remove that field competely.
This solves a regression since 3.5.x and improves compatibility of the server
side with certain clients.
** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
the CKA_SIGN is not set (#667).
** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
disable extensions at all cases, while providing a functional session. This
also implies that when specified, TLS1.3 is disabled.
** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
The previous definition was non-functional (#609).
- drop no longer needed gnutls-enbale-guile-2.2.patch
- refresh disable-psk-file-test.patch
OBS-URL: https://build.opensuse.org/request/show/671127
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=17
- Update to 3.6.5
** libgnutls: Provide the option of transparent re-handshake/reauthentication
when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
** libgnutls: The priority functions will ignore and not enable TLS1.3 if
requested with legacy TLS versions enabled but not TLS1.2. That is because
if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
servers which do not support TLS1.3 will negotiate TLS1.2 which will be
rejected by the client as disabled (#621).
** libgnutls: Change RSA decryption to use a new side-channel silent function.
This addresses a security issue where memory access patterns as well as timing
on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
attacks. Side-channel resistant code is slower due to the need to mask
access and timings. When used in TLS the new functions cause RSA based
handshakes to be between 13% and 28% slower on average (Numbers are indicative,
the tests where performed on a relatively modern Intel CPU, results vary
depending on the CPU and architecture used). This change makes nettle 3.4.1
the minimum requirement of gnutls (#630). [CVSS: medium]
** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
in the priority string. It is only accepted as legacy option and is ignored.
** libgnutls: Added support for EdDSA under PKCS#11 (#417)
** libgnutls: Added support for AES-CFB8 cipher (#357)
** libgnutls: Added support for AES-CMAC MAC (#351)
** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
S-BOXes). They are fixed now.
** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
keys parsing, as specified in R 50.1.112-2016.
** gnutls-serv: It applies the default settings when no --priority option is given,
using gnutls_set_default_priority().
OBS-URL: https://build.opensuse.org/request/show/662795
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=16
