[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Experimental: GnuTLS 1.3.1

From: Simon Josefsson
Subject: [Help-gnutls] Experimental: GnuTLS 1.3.1
Date: Thu, 08 Dec 2005 21:01:27 +0100
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

We are pleased to announce the availability of GnuTLS version 1.3.1,
the second release on the experimental 1.3.x branch.

The goal of 1.3.x will be to merge work currently done on CVS
branches, for TLS Pre-Shared-Keys and TLS Inner Application.  Other
planned improvements in 1.3.x are system-independent resume data
structures, modularization of the bignum operations, and TLS OpenPGP
improvements.  So far, TLS-PSK and system-independent resume data has
been implemented.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:

The project page of the library is available at: (updated fastest)

Here are the compressed sources: (3.0MB) (3.0MB)

Here are GPG detached signatures signed using key 0xB565716F:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F

The key is available from:

Here are the build reports for various platforms:

Here are the SHA-1 checksums:

80eb527cf981344778d0dd6cb2ed25f379d8785c  gnutls-1.3.1.tar.bz2
5b260e5d3594a8cf8ea79376bd97775a5f566920  gnutls-1.3.1.tar.bz2.sig

Nikos and Simon

Noteworthy changes since version 1.3.0:

** Support for DHE-PSK cipher suites has been added.
This method offers perfect forward secrecy.

** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
Otto Maddox <address@hidden> and Nozomu Ando <address@hidden>.

** Corrected a bug in certtool for 64 bit machines. Reported
by Max Kellermann <address@hidden>.

** New function to set a X.509 private key and certificate pairs, and/or
CRLs, from an PKCS#12 file, suggested by Emile van Bergen

The integrity of the PKCS#12 file is protected through a password
based MAC; public-key based signatures for integrity protection are
not supported.  PKCS#12 bags may be encrypted using password derived
symmetric keys, public-key based encryption is not supported.  The
PKCS#8 keys may be encrypted using passwords.  The API use the same
password for all operations.  We believe that any more flexibility
create too much complexity that would hurt overall security, but may
add more PKCS#12 related APIs if real-world experience indicate

** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys,
reported by Emile van Bergen <address@hidden>.
This will enable "certtool -k -8" to parse those keys.

** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords.
Use "certtool -p -8" and press press enter at the prompt.  Earlier,
certtool would have encrypted the key using an empty password.

** Certtool now accept --password for --key-info and encrypted PKCS#8 keys.
Earlier it would have prompted the user for it, even if --password was

** Added self test of PKCS#8 parsing.
Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and
pbeWithSHAAnd40BitRC2-CBC) formats are tested.  The test is in

** API and ABI modifications:
New function to set X.509 credentials from a PKCS#12 file:

New gnutls_kx_algorithm_t enum type:

New API to return session data (better data types than

New API to set PSK Diffie-Hellman parameters:

Attachment: pgpEqF9qboD77.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]