rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity
gnutls/gnutls-3.6.12.tar.xz
Vítězslav Čížek 0a5979b677 Accepting request 769920 from home:mimi_vx:branches:security:tls 
- gnutls 3.6.12
 * libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
   to identify sessions that client request OCSP status request (#829).
 * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
   signature algorithm (RFC 8032) under TLS (#86).
 * libgnutls: Added the default-priority-string option to system configuration;
   it allows overriding the compiled-in default-priority-string.
 * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
   draft-smyshlyaev-tls12-gost-suites-07).
   By default this ciphersuite is disabled. It can be enabled by adding
   +GOST to priority string. In the future this priority string may enable
   other GOST ciphersuites as well.  Note, that server will fail to negotiate
   GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
   is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
   are enabled on GnuTLS-based servers.
 * libgnutls: added priority shortcuts for different GOST categories like
   CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
 * libgnutls: Reject certificates with invalid time fields. That is we reject
   certificates with invalid characters in Time fields, or invalid time formatting
   To continue accepting the invalid form compile with --disable-strict-der-time
 * libgnutls: Reject certificates which contain duplicate extensions. We were
   previously printing warnings when printing such a certificate, but that is
   not always sufficient to flag such certificates as invalid. Instead we now
   refuse to import them (#887).
 * libgnutls: If a CA is found in the trusted list, check in addition to
   time validity, whether the algorithms comply to the expected level prior
   to accepting it. This addresses the problem of accepting CAs which would
   have been marked as insecure otherwise (#877).
 * libgnutls: The min-verification-profile from system configuration applies
   for all certificate verifications, not only under TLS. The configuration can

OBS-URL: https://build.opensuse.org/request/show/769920
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=30
2020-02-04 10:06:09 +00:00

4 lines
132 B
Plaintext
Raw Blame History

version https://git-lfs.github.com/spec/v1
oid sha256:bfacf16e342949ffd977a9232556092c47164bd26e166736cf3459a870506c4b
size 5942064
View Git Blame Copy Permalink