[gnutls-help] Shall we update Nettle version requirement?
Daiki Ueno
ueno at gnu.org
Fri Nov 7 01:59:02 CET 2025
Hello,
Provoked by this issue[1], I started thinking about updating the minimum
version of Nettle required by GnuTLS. Currently it's 3.6, while 3.10
was released 1.5 years ago. By updating it, we can eliminate the
bundled copies of RSA-OAEP, AES-GCM-SIV, and SHAKE implementations, as
well as the CVE-2021-4209 fix. Given Nettle 3.10.2 is ABI compatible
with 3.6, I'm assuming that there is little impact to downstreams.
Any thoughts?
Footnotes:
[1] https://gitlab.com/gnutls/gnutls/-/issues/1759
--
Daiki Ueno
More information about the Gnutls-help
mailing list