[gnutls-devel] gnutls 3.2.11

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 13 19:52:27 CET 2014 

Hello,
 I've just released gnutls 3.2.11. This is a bugfix release on the
current stable branch.

This release addresses the security advisory GNUTLS-SA-2014-1 at:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1


* Version 3.2.11 (released 2014-02-13)

** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.

** libgnutls: Reduced the TLS and DTLS version requirements for all
ciphersuites that are not GCM.

** libgnutls: When two initial keywords are specified then treat the
second as having the '+' modifier.

** libgnutls:  When using a PKCS #11 module for verification ensure that
it has been marked a trusted policy module in p11-kit. Moreover, when an
empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
in the system for verification.
http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html

** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
CA certificates. Reported and investigated by Suman Jana.

** certtool: Added the --ask-pass option.

** API and ABI modifications:
GNUTLS_PKCS11_TOKEN_TRUSTED: Added
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE: Added


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.11.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.11.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.11.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.11.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

More information about the Gnutls-devel mailing list