[gnutls-devel] gnutls 3.5.16

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Oct 21 09:41:38 CEST 2017

 I've just released gnutls 3.5.16. This is a bug fix release on the
current stable branch. Note that, I've also switched the release
cadence to bi-monthly as less and less bug fixes/updates accumulate
each month on this branch.

* Version 3.5.16 (released 2017-10-21)

** libgnutls: Fixed issue which causes 1-byte handshake fragments to be refused.
   Reported by Balázs Kéri.

** libgnutls: Refuse to resume a session which had a different SNI advertised. That
   improves RFC6066 support in server side. Reported by Thomas Klute.

** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was
   used. Resolves gitlab issue #259.

** libgnutls: When selecting a client side signature algorithm, prefer the signature
   schemes in the enabled list (Since 3.5.5 client certificates can be used even
   if they contain disallowed algorithms for a session, to allow utilizing old
   client certificates -like DSA-SHA1 without enabling DSA for the server certificate).

** p11tool: The options --set-pin and --set-so-pin can be used with all operations
   not only with --initialize.

** p11tool: Mark all generated objects as sensitive by default.

** certtool: Enable certificate fingerprint generation with sha512 (#295).

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list