LibreSSL 2.3.0 发布,安全套接字库
发布于 2015-09-24 07:30:09 | 119 次阅读 | 评论: 0 | 来源: 网友投递
LibreSSL SSL加密安全套接字库
LibreSSL是OpenSSL加密软件库的一个分支,为一个安全套接层(SSL)和传输层安全(TLS)协议的开源实现。在OpenSSL爆出心脏出血安全漏洞之后,一些OpenBSD开发者于2014年4月创立了LibreSSL,目标是重构OpenSSL的代码,以提供一个更安全的替代品。LibreSSL复刻自OpenSSL库的1.0.1g分支,它将遵循其他OpenBSD项目所使用的安全指导原则。
LibreSSL 2.3.0 发布,更新内容如下:
* SSLv3 is now permanently removed from the tree.
* The libtls API is changed from the 2.2.x series.
The read/write functions work correctly with external event
libraries. See the tls_init man page for examples of using libtls
correctly in asynchronous mode.
Client-side verification is now supported, with the client supplying
the certificate to the server.
Also, when using tls_connect_fds, tls_connect_socket or
tls_accept_fds, libtls no longer implicitly closes the passed in
sockets. The caller is responsible for closing them in this case.
* When loading a DSA key from an raw (without DH parameters) ASN.1
serialization, perform some consistency checks on its `p' and `q'
values, and return an error if the checks failed.
Thanks for Georgi Guninski (guninski at guninski dot com) for
mentioning the possibility of a weak (non prime) q value and
providing a test case.
See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
for a longer discussion
* Fixed a bug in ECDH_compute_key that can lead to silent truncation
of the result key without error. A coding error could cause software
to use much shorter keys than intended.
* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
longer supported.
* The engine command and parameters are removed from the openssl(1).
Previous releases removed dynamic and builtin engine support
already.
* SHA-0 is removed, which was withdrawn shortly after publication 20
years ago.
* Added Certplus CA root certificate to the default cert.pem file.
* New interface OPENSSL_cpu_caps is provided that does not allow
software to inadvertently modify cpu capability flags.
OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
* The out_len argument of AEAD changed from ssize_t to size_t.
* Deduplicated DTLS code, sharing bugfixes and improvements with
TLS.
* Converted 'nc' to use libtls for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the library.
详情请看:发行说明。
LibreSSL 是一个免费版本的 SSL/TLS 协议,来自于 OpenSSL
LibreSSL 支持多平台,开发者宣称“我们不想要伤透你们的心”。
LibreSSL是OpenSSL加密软件库的一个分支,为一个安全套接层(SSL)和传输层安全(TLS)协议的开源实现。在OpenSSL爆出心脏出血安全漏洞之后,一些OpenBSD开发者于2014年4月创立了LibreSSL,目标是重构OpenSSL的代码,以提供一个更安全的替代品。LibreSSL复刻自OpenSSL库的1.0.1g分支,它将遵循其他OpenBSD项目所使用的安全指导原则。
历史版本 :
LibreSSL 2.5.4 发布,安全套接字库
LibreSSL 2.3.3 发布,安全套接字库
LibreSSL 2.2.5 发布,安全套接字库
LibreSSL 2.3.0 发布,安全套接字库
LibreSSL 2.2.3 发布,安全套接字库
LibreSSL 2.2.2 发布,安全套接字库
LibreSSL 2.2.1 发布,安全套接字库
LibreSSL 2.2.0 发布,安全套接字库
LibreSSL 2.1.5 发布,安全套接字库
LibreSSL 2.1.2 之前版本被爆安全漏洞
LibreSSL 2.0.2 发布,安全套接字库
LibreSSL 2.0.1 发布,安全套接字库