Path to this page:
Subject: CVS commit: pkgsrc/security/py-tlslite
From: Amitai Schleier
Date: 2017-01-01 22:50:31
Message id: 20170101215031.46097FBA6@cvs.NetBSD.org
Log Message:
Update to 0.4.8. From the changelog:
0.4.8 - 11/12/2014
- Added more acknowledgements and security considerations
0.4.7 - 11/12/2014
- Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
- Don't offer SSLv3 by default (e.g. POODLE)
- Fixed bug with PyCrypto_RSA integration
- Fixed harmless bug that added non-prime into sieves list
- Added "make test" and "make test-dev" targets (Hubert Kario)
0.4.5 - 3/20/2013
- **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
to a closed connection. This inherits from socket.error, so should
interact better with SocketServer (see http://bugs.python.org/issue14574)
and other things expecting a socket.error in this situation.
- Added support for RC4-MD5 ciphersuite (if enabled in settings)
- This is allegedly necessary to connect to some Internet servers.
- Added TLSConnection.unread() function
- Switched to New-style classes (inherit from 'object')
- Minor cleanups
0.4.4 - 2/25/2013
- Added Python 3 support (Martin von Loewis)
- Added NPN client support (Marcelo Fernandez)
- Switched to RC4 as preferred cipher
- faster in Python, avoids "Lucky 13" timing attacks
- Fixed bug when specifying ciphers for anon ciphersuites
- Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
- (this function is not used for TLS currently, and this tolerance may
not even be necessary)
0.4.3 - 9/27/2012
- Minor bugfix (0.4.2 doesn't load tackpy)
0.4.2 - 9/25/2012
- Updated TACK (compatible with tackpy 0.9.9)
0.4.1 - 5/22/2012
- Fixed RSA padding bugs (w/help from John Randolph)
- Updated TACK (compatible with tackpy 0.9.7)
- Added SNI
- Added NPN server support (Sam Rushing/Google)
- Added AnonDH (Dimitris Moraitis)
- Added X509CertChain.parsePemList
- Improved XML-RPC (Kees Bos)
0.4.0 - 2/11/2012
- Fixed pycrypto support
- Fixed python 2.6 problems
0.3.9.x - 2/7/2012
Much code cleanup, in particular decomposing the handshake functions so they
are readable. The main new feature is support for TACK, an experimental
authentication method that provides a new way to pin server certificates (See
https://github.com/moxie0/Convergence/wiki/TACK ).
Also:
- Security Fixes
- Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated
Client Hello. Does not support renegotiation (never has).
- Change from e=3 to e=65537 for generated RSA keys, not strictly
necessary but mitigates risk of sloppy verifier.
- 1/(n-1) countermeasure for BEAST.
- Behavior changes:
- Split cmdline into tls.py and tlstest.py, improved options.
- Formalized LICENSE.
- Defaults to closing socket after sending close_notify, fixes hanging.
problem that would occur sometime when waiting for other party's
close_notify.
- Update SRP to RFC 5054 compliance.
- Removed client handshake "callbacks", no longer support the SRP
re-handshake idiom within a single handshake function.
- Bugfixes
- Added hashlib support, removes Deprecation Warning due to sha and md5.
- Handled GeneratorExit exceptions that are a new Python feature, and
interfere with the async code if not handled.
- Removed:
- Shared keys (it was based on an ancient I-D, not TLS-PSK).
- cryptlib support, it wasn't used much, we have enough other options.
- cryptoIDs (TACK is better).
- win32prng extension module, as os.urandom is now available.
- Twisted integration (unused?, slowed down loading).
- Jython code (ancient, didn't work).
- Compat support for python versions < 2.7.
- Additions
- Support for TACK via TACKpy.
- Support for CertificateRequest.certificate_authorities ("reqCAs")
- Added TLSConnection.shutdown() to better mimic socket.
- Enabled Session resumption for XMLRPCTransport.
Files: