Releases: mirleft/ocaml-tls
v0.12.1
CHANGES:
- Drop support for RC4 ciphersuite
- Raise lower TLS version in default configuration to 1.2
- tls_lwt no longer calls Mirage_crypto_rng_unix.initialize -- this needs to be
done in the application, inside Lwt_main.run:
    Mirage_crypto_rng_lwt.initialize () >>= fun () ->
- Support ECDHE ciphersuites in TLS 1.2 and below as specified in RFC 8422
(requested in #413 by @ryanakca, also in #362 by @orbitz @annubiz)
- drop "TLS_" prefix from ciphersuite constructors
- BUGFIX: TLS client (<= 1.2) assembling an empty Certificate message
(noticed in #413, present since 0.12.0 release)
- Cleanup Packet.any_ciphersuite list (remove ARIA, CAMELLIA, KRB5, EXPORT)
- Adapt interoperability test scripts with TLS 1.3 support
v0.12.0
CHANGES:
- TLS 1.3 support
- Tracing now uses the logs library (log source tls.tracing on debug level)
- bugfix for padding in ClientHello, which computed wrong length
- bugfix hs_fragments to be set before executing the protocol handling logic
- bugfix guard RSA signature with an Insufficient_key handler, which may occur
when using an RSA key whose size is too small for the used digest algorithm
v0.11.1
v0.11.0
v0.10.6 (2020-01-23)
- adapt to x509 0.9.0 interface: certificate revocation lists can now be passed
to the authenticator in Tls_mirage and X509_lwt; also a list of hash
algorithms to be used for certificate signature verification can be passed to
the authenticator
- adapt to lwt 5.0.0