Bugzilla – Bug 4881
GnuTLS needs to be updated.
Last modified: 2014-04-01 16:05:58
Current buildsystem uses version 3.2.4, two releases behind upstream.
Version 3.2.6 (released 2013-10-31)
- libgnutls: Support for TPM via trousers is now enabled by default.
- libgnutls: Camellia in GCM mode has been added in default priorities,
and GCM mode is prioritized over CBC in all of the default priority strings.
- libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
- libgnutls: Fixed ciphersuites
GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. Reported by Stefan Buehler.
- libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
- libgnutls: Minimum acceptable DH group parameters were increased to
767 bits from 727.
- libgnutls: Added function to obtain random data from PKCS #11 tokens.
- gnulib: updated.
- libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.
- p11tool: Added option generate-random.
- API and ABI modifications: gnutls_pkcs11_token_get_random: Added
Version 3.2.5 (released 2013-10-23)
- libgnutls: Documentation and build-time fixes.
- libgnutls: Allow the generation of DH groups of less than 700 bits.
- libgnutls: Added several combinations of ciphersuites with SHA256 and
SHA384 as MAC, as well as Camellia with GCM.
- libdane: Added interfaces to allow initialization of dane_query_t
from external DNS resolutions, and to allow direct verification of a
certificate chain against a dane_query_t. Contributed by Christian Grothoff.
- libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
triggered by a DNS server supplying more than 4 DANE records. Report and
fix by Christian Grothoff.
- srptool: Fixed index command line option. Patch by Attila Molnar.
- gnutls-cli: Added support for inline commands, using the
--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
- certtool: pathlen constraint is now read correctly. Reported by

GnuTLS and friends upgraded in r28427. Will do a quick test of tlstunnel and
tl-certtool before I close this.

tlstunnel works fine, and tlclient can parse several of the cards I have at my

Missing update package for win32 and osx32 GnuTLS:
rpm -qa | grep cendio | grep gnutls

(In reply to comment #3)
> Missing update package for win32 and osx32 GnuTLS:
> rpm -qa | grep cendio | grep gnutls
gnutls is only used by the server. No idea why you have those installed. :)
All is in order...