Mailing list for all users of the OCaml language and system.
* [Caml-list] TLS-0.4.0 and X.509-0.3.0
@ 2015-03-19 16:44 Hannes Mehnert
From: Hannes Mehnert @ 2015-03-19 16:44 UTC (permalink / raw)
  To: Caml-list

Hey,

it is my pleasure to announce new releases of TLS and X.509, both purely
developed in OCaml.  Today OpenSSL announced 14 security issues in
their code base, thus I thought it would be a good day to release our
TLS library :)

The bounty of 10 Bitcoins is still ongoing and not broken (although
~20000 TLS connections were made) -- http://ownme.ipredator.se

NEWS:
TLS
* client authentication (both client and server side)
* server side SNI configuration (see sni.md)
* SCSV server-side downgrade prevention (contributed by Gabriel de
Perthuis @g2p #5)
* remove RC4 ciphers from default config #8
* support for AEAD ciphers, currently CCM #191
* proper bounds checking of handshake fragments #255
* disable application data between CCS and Finished #237
* remove secure renegotiation configuration option #256
* expose epoch in mirage interface, implement 2.3.0 API (error_message)
* error reporting (type failure in engine.mli) #246
* hook into Lwt event loop to feed RNG #254

X.509
* more detailed error messages (type certificate_failure modified)
* no longer Printf.printf debug messages
* error reporting: `Ok of certificate option | `Fail of
certificate_failure
* fingerprint verification can work with None as host (useful for
client authentication where host is not known upfront)
* API reshape: X509 is the only public module, X509.t is the abstract
certificate

Preliminary API documentation (pull requests welcome) is available now
at https://mirleft.github.io/ocaml-x509/ ;
https://mirleft.github.io/ocaml-tls/

The packages are not yet in the opam repository, but waiting for
Travis https://github.com/ocaml/opam-repository/pull/3770


Feedback, suggestions, and comments are appreciated,

Hannes
