Hello, We have just released gnutls-3.7.8. This is a bug fix and enhancement release on the 3.7.x branch.
We would like to thank everyone who contributed in this release: Alexander Sosedkin, Andreas Metzler, Daiki Ueno, Doug Nazar, František Krenželok, Martin Storsjö, Simon Josefsson, Stanislav Zidek, Tobias Heider and Zoltán Fridrich. The detailed list of changes follows: * Version 3.7.8 (released 2022-09-27) ** libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, 1536, and 1792 bits), in addition to any modulus sizes larger than 2048 bits, according to SP800-131A rev2. ** libgnutls: gnutls_session_channel_binding performs additional checks when GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret (i.e., either TLS 1.3 or extended master secret extension is negotiated). Otherwise the function now returns error. ** libgnutls: usage of the following functions, which are designed to loosen restrictions imposed by allowlisting mode of configuration, has been additionally restricted. Invoking them is now only allowed if system-wide TLS priority string has not been initialized yet: gnutls_digest_set_secure gnutls_sign_set_secure gnutls_sign_set_secure_for_certs gnutls_protocol_set_enabled ** API and ABI modifications: No changes since last version. Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ A list of GnuTLS mirrors can be found at http://www.gnutls.org/download.html Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.8.tar.xz Here are OpenPGP detached signatures signed using keys: E987AB7F7E89667776D05B3BB0E9DD20B29F1432, 5D46CB0F763405A7053556F47A75A648B3F9220C and 462225C3B46F34879FC8496CD605848ED7E69871: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.8.tar.xz.sig Note that it has been signed with my OpenPGP key: pub rsa4096 2016-09-27 [SC] E987AB7F7E89667776D05B3BB0E9DD20B29F1432 uid [ultimate] Alexander Sosedkin <m...@unboiled.info> sub rsa4096 2016-09-27 [E] sub rsa4096 2016-09-27 [S] Zoltán Fridrich's OpenPGP key: pub ed25519 2021-12-23 [SC] [expires: 2023-12-23] 5D46CB0F763405A7053556F47A75A648B3F9220C uid [ultimate] Zoltan Fridrich <zfrid...@redhat.com> sub cv25519 2021-12-23 [E] [expires: 2023-12-23] and Daiki Ueno's OpenPGP key: pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25] 462225C3B46F34879FC8496CD605848ED7E69871 uid [ultimate] Daiki Ueno <u...@unixuser.org> uid [ultimate] Daiki Ueno <u...@gnu.org> sub rsa4096 2010-02-04 [E] Regards, Alexander
signature.asc
Description: signature
_______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help