From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 184097FC86 for ; Thu, 19 Mar 2015 17:44:32 +0100 (CET) Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of hannes@mehnert.org) identity=pra; client-ip=213.73.89.200; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="hannes@mehnert.org"; x-sender="hannes@mehnert.org"; x-conformance=sidf_compatible Received-SPF: Pass (mail2-smtp-roc.national.inria.fr: domain of hannes@mehnert.org designates 213.73.89.200 as permitted sender) identity=mailfrom; client-ip=213.73.89.200; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="hannes@mehnert.org"; x-sender="hannes@mehnert.org"; x-conformance=sidf_compatible; x-record-type="v=spf1" Received-SPF: Pass (mail2-smtp-roc.national.inria.fr: domain of postmaster@mail.mehnert.org designates 213.73.89.200 as permitted sender) identity=helo; client-ip=213.73.89.200; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="hannes@mehnert.org"; x-sender="postmaster@mail.mehnert.org"; x-conformance=sidf_compatible; x-record-type="v=spf1" X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AhBQC9+wpV/8hZSdVcgwZSWoMNwxeHQkwBAQEBAQF9hDkPAUU2AgUWCwILAwIBAgFLDQgBARaIFQQJokSPTJwJAR+BIZFWgUUFlDeHGjqCdoI4jSUiggEdgVBvgkMBAQE X-IPAS-Result: A0AhBQC9+wpV/8hZSdVcgwZSWoMNwxeHQkwBAQEBAQF9hDkPAUU2AgUWCwILAwIBAgFLDQgBARaIFQQJokSPTJwJAR+BIZFWgUUFlDeHGjqCdoI4jSUiggEdgVBvgkMBAQE X-IronPort-AV: E=Sophos;i="5.11,430,1422918000"; d="scan'208";a="126794692" Received: from mail.mehnert.org ([213.73.89.200]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/ADH-CAMELLIA256-SHA; 19 Mar 2015 17:44:31 +0100 Received: from [128.232.110.219] (c219.al.cl.cam.ac.uk [128.232.110.219]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client CN "hannes@mehnert.org", Issuer "mehnert root CA" (verified OK)) by mail.mehnert.org (Postfix) with ESMTPS id 73248163A for ; Thu, 19 Mar 2015 17:44:30 +0100 (CET) Message-ID: <550AFCDA.1080303@mehnert.org> Date: Thu, 19 Mar 2015 16:44:10 +0000 From: Hannes Mehnert User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Caml-list OpenPGP: id=DF7C28EE Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Subject: [Caml-list] TLS-0.4.0 and X.509-0.3.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Hey, it is my please to announce new releases of TLS and X.509, both purely developed in OCaml. Today OpenSSL announced 14 security issues in their code base, thus I thought it would be a good day to release our TLS library :) The bounty of 10 Bitcoins is still ongoing and not broken (although ~20000 TLS connections were made) -- http://ownme.ipredator.se NEWS: TLS * client authentication (both client and server side) * server side SNI configuration (see sni.md) * SCSV server-side downgrade prevention (contributed by Gabriel de Perthuis @g2p #5) * remove RC4 ciphers from default config #8 * support for AEAD ciphers, currently CCM #191 * proper bounds checking of handshake fragments #255 * disable application data between CCS and Finished #237 * remove secure renegotiation configuration option #256 * expose epoch in mirage interface, implement 2.3.0 API (error_message) * error reporting (type failure in engine.mli) #246 * hook into Lwt event loop to feed RNG #254 X.509 * more detailed error messages (type certificate_failure modified) * no longer Printf.printf debug messages * error reporting: `Ok of certificate option | `Fail of certificate_failure * fingerprint verification can work with None as host (useful for client authentication where host is not known upfront) * API reshape: X509 is the only public module, X509.t is the abstract certificate Preliminary API documentation (pull requests welcome) is available now at https://mirleft.github.io/ocaml-x509/ ; https://mirleft.github.io/ocaml-tls/ The packages are not yet in the opam repository, but waiting for Travis https://github.com/ocaml/opam-repository/pull/3770 Feedback, suggestions, and comments are appreciated, Hannes -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCQAGBQJVCvzaAAoJELyJZYjffCjuCJsP/0zGjbFe880GEbKQEugwyewa DhON1VX+IS/PVOcnHlQPhNan69/6+TtL0aLQQq/KMUQ1W37o+qzRF4RBWPe8iMYN 5RWpwI8TCZHQdYQ95uV6sJDfzX6QAmqDvzzHCzbX7bp83YI0Ws2KVEroEsTjJRk5 VqMMLv9hHeb0DpoX8a41NjSs5xqIrBNB2wUKwso+YmMYb8O8n9SCU9oVRbxMLtKD ko6C2IFJk6bQQGFyAJwL7HyWCBCd02H5+V2+NRC/7t5+2+CPUQJWunnQH8LTUSJU eev+GY6TbUbgyiyAhkzGvIv3qQQ2/7FtQrQPGQfoKH4OZtGvAlO8i2090LB0LEfo L6v34i0d9hKqh42UMlqRdtx8Am6AzwqbTzxY9a3bzr7GtibFHfxpuHA1wQ9I0wtS K53oWfedjHzvzhwcooSNsGJIdVXlUaGIEF889dcrpsiBFpXNqGVBiUrF3mNbC+C/ E1oCpmtAQNDJS/WkJVosHJ/x9I/du5FPFy6gzY2YBc88cQ8FxM8wnnLtX128EtE3 h/L1QoGTgiMabyNyJdLOhlOJudGuJqEbc+fZHV4alEqE8KhU0tkJCnxTIZUK1Mab Kkxqi9Zm6JjFazEQwF9DWKNrWIw045HwW+jROsNHwBdGJWcaJv96bc5HVSfK17Vz QBgbwkRlZUJQ2gNi7KA7 =Oi6a -----END PGP SIGNATURE-----