Releases: aws/s2n-tls
Release: v1.5.0
Weekly release for August 9 2024
Note: The minor version has been bumped in this release due to a commit that makes a backwards-incompatible change to the session resumption ticket schema.
What's Changed
- refactor: move stuffer hex methods out of testlib by @lrstewart in #4653
- fix: pin tokio-macros version by @lrstewart in #4658
- Refactor some s2n_resume functions by @maddeleine in #4648
- fix: allow for clock skew in resumption by @jmayclin in #4650
- fix: new clippy lints by @jmayclin in #4666
- ci(nix): Setup a head build for the cross_compatibility integ test by @dougch in #4567
- Set up regression benchmark for scalar performance by @kaukabrizvi in #4649
- refactor: clean up other hex methods by @lrstewart in #4664
- fix: add missing corpus files for s2n_deserialize_resumption_state_test by @jouho in #4672
- fix: default s2nc should accept default s2nd cert by @lrstewart in #4670
- ci: move fuzz corpus to S3 by @jouho in #4665
- feat(bindings): add renegotiate to the rust bindings by @lrstewart in #4668
- fix: SSLv3 handshake with openssl-1.0.2-fips fails by @jouho in #4644
- refactor: switch JA3 to use stuffer hex methods by @lrstewart in #4662
- feat(bindings): Add hyper compatibility crate by @goatgoose in #4617
- chore(bindings): release 0.2.10 by @WesleyRosenblum in #4683
- fix: don't fail for 0 blinding delay by @lrstewart in #4671
- test(cbmc): add stuffer hex proofs by @lrstewart in #4659
- Adopt CBMC 6.1 and cbmc-viewer 3.9 by @rod-chapman in #4661
- fix: zip corpus files before uploading to s3 by @jouho in #4685
- docs: update blinding docs by @lrstewart in #4686
- fix(bindings): enforce waker contract on `poll` operations by @camshaft in #4688
- chore: Bump rust bindings to 0.2.11 by @maddeleine in #4690
- feat: Changes ticket encryption scheme to be nonce-reuse resistant by @maddeleine in #4663
- ci: store fuzz artifacts in s3 by @jouho in #4678
- chore: document OpenSSL-FIPS restriction on RSA key size by @jouho in #4654
- Enabling differential performance benchmarking by @kaukabrizvi in #4667
- fix(ci): partially revert checking out head from current clone. by @dougch in #4693
- fix: upload fuzz output to s3 when test fails by @jouho in #4694
- chore: Rust bindings bump v0.3.0 by @maddeleine in #4697
New Contributors
- @kaukabrizvi made their first contribution in #4649
Full Changelog: v1.4.18...v1.5.0
Release: v1.4.18
Weekly release for July 19 2024
What's Changed
- refactor: separate out ja3 specific logic by @lrstewart in #4578
- chore: fix CBMC proof summary count by @tautschnig in #4627
- fix: remove S2N_NO_PQ option by @kdnakt in #4622
- feat(bindings/s2n-tls): add client_hello_version by @jmayclin in #4609
- chore(bindings): release 0.2.8 by @toidiu in #4635
- api(bindings/s2n-tls)!: remove public testing feature by @jmayclin in #4623
- refactor: use feature probe for AEAD gate logic instead of AWS-LC/BoringSSL macros by @jouho in #4642
- ci(nix): Add tshark to nix devshell by @dougch in #4571
- chore: document why SHA1 is the only supported hash algorithm for cert_id generation in OCSP response by @jouho in #4625
- Refactor: change set/get_decryption_key return type to S2N_RESULT in s2n_cipher struct by @jouho in #4638
- Refactor: change init and destroy_key return type to S2N_RESULT in s2n_cipher struct by @jouho in #4639
- Refactor: change is_available return type to bool in s2n_cipher struct by @jouho in #4630
- test(pcap): handle pcaps with tcp fragmentation by @lrstewart in #4643
- refactor(bindings/s2n-tls): finish test harness refactor by @jmayclin in #4636
- feature: reusable fingerprinting interface by @lrstewart in #4628
- feat: Add API to gate session tickets to TLS1.3 only by @maddeleine in #4645
- ci: add merge_group event to GHA workflow. by @dougch in #4646
- fix: avoid cert validation on connection_set_config by @jmayclin in #4612
- Update s2n_connection_get_kem_group_name() to work with ClientHelloRe… by @alexw91 in #4652
- fix: Removing new usage of memcmp by @maddeleine in #4657
- chore: Bump Rust bindings v1.4.18 by @maddeleine in #4656
New Contributors
Full Changelog: v1.4.17...v1.4.18
Release: v1.4.17
What's Changed
- chore: cleanup duplicate duvet citations by @WesleyRosenblum in #4587
- ci: fix cppcheck errors by @lrstewart in #4589
- compliance: update generate_report.sh to point to compliance directory by @WesleyRosenblum in #4588
- feature: new compatibility-focused security policy preferring ECDSA by @lrstewart in #4579
- ci(nix): Fix integ pq test in a devShell by @dougch in #4576
- chore: update s2n_stuffer_printf CBMC harness by @tautschnig in #4531
- fix: error rather than empty cipher suites by @lrstewart in #4597
- refactor(binding): more accurate naming for const str helper by @jmayclin in #4601
- Fix: update default cert chain for unit tests by @jouho in #4582
- fix(s2n_session_ticket_test): correct clock mocking by @jmayclin in #4602
- chore(bindings): fix shebang in generate.sh by @zh-jq-b in #4603
- testing(bindings): add new test helper by @jmayclin in #4596
- test: add pcap testing crate by @lrstewart in #4604
- s2n-tls rust binding: expose selected application protocol by @zh-jq-b in #4599
- chore: use CBMC version 5.95.1 by @tautschnig in #4586
- example(bindings): add async ConfigResolver by @jmayclin in #4477
- ci: shallow clone musl repo by @jmayclin in #4611
- docs: Add back suggested FIPS + TLS1.3 policy by @lrstewart in #4605
- docs: add timeout note to blinding delay docs by @lrstewart in #4621
- test(bindings/s2n-tls): refactor testing::s2n-tls tests by @jmayclin in #4613
- Perform 2-RTT Handshake to upgrade to PQ when possible by @alexw91 in #4526
- chore: make cbmc proof build more strict by adding -Werror flag by @jouho in #4606
- bug: Fixing bash error by @maddeleine in #4624
New Contributors
Full Changelog: v1.4.16...v1.4.17
Release: v1.4.16
What's Changed
- chore(bench): upgrade rustls by @jmayclin in #4554
- test: backwards compatibility test for the serialization feature by @maddeleine in #4548
- Additional test cases for s2n_constant_time_equals() by @rod-chapman in #4559
- chore(bindings): version bump by @toidiu in #4566
- feat(bindings): Associate an application context with a Connection by @goatgoose in #4563
- fix: update default security policies by @lrstewart in #4523
- fix: cert verify test fix by @jouho in #4545
- [Nix] adjust pytest retrys by @dougch in #4558
- fix: init implicit iv for serialization feature by @maddeleine in #4572
- docs: document s2n_cert_auth_type behavior by @toidiu in #4454
- feat: Configurable blinding by @maddeleine in #4562
- refactor: add try_compile feature probe for RSA-PSS signing by @jouho in #4569
- fix: Validate received signature algorithm in EVP verify by @goatgoose in #4574
- chore(bindings): release 0.2.7 by @goatgoose in #4580
New Contributors
- @rod-chapman made their first contribution in #4559
Full Changelog: v1.4.15...v1.4.16
Release: v1.4.15
Weekly release for May 21 2024
What's Changed
- feat: Modify s2nd/c to do serialization/deserialization by @maddeleine in #4533
- refactor: Avoid unnecessary s2n_hmac calls in s2n_record_write by @goatgoose in #4539
- chore: bindings release 0.2.5 by @dougch in #4551
- feat: add key preferences to rfc9151 policy by @jmayclin in #4540
- fix: Send zero-length NST when session key is expired by @jouho in #4532
- feat(bindings): Add API to check for resumption by @goatgoose in #4552
- bug(nix:corretto): use autoPatchelfHook on all systems and ignore als… by @dougch in #4561
Full Changelog: v1.4.14...v1.4.15
Release: v1.4.14
Weekly release for May 10 2024
What's Changed
- feat: set certificate_authorities from trust store by @lrstewart in #4509
- feat[bindings]: fips feature flag by @toidiu in #4527
- bin: tool to print security policies by @lrstewart in #4524
- style(bindings): fix new clippy lint by @jmayclin in #4536
- ci: grep for S2N_RESULT_ERR without setting s2n_errno by @lrstewart in #4534
- fix: Fix a bug in tls1.3 code path by @jouho in #4513
- fix: Increase received signature scheme limit by @goatgoose in #4544
Full Changelog: v1.4.13...v1.4.14
Release: v1.4.13
Weekly release for May 01 2024
What's Changed
- fix: rename error + extension iana for consistency by @lrstewart in #4503
- fix(sidetrail): Invalid stream cipher struct in proof wrapper by @goatgoose in #4484
- chore: Rust bindings bump v1.4.12 by @maddeleine in #4505
- fix: Fix redundant code by @jouho in #4504
- feat: add basic support for certificate_authorities by @lrstewart in #4506
- docs: add more warnings about security policy defaults by @lrstewart in #4507
- docs(bindings): fix client hello doc tests by @jmayclin in #4495
- feat: add missing numbered security policies by @lrstewart in #4511
- chore(bindings): Pin `zeroize` to avoid MSRV increase by @goatgoose in #4519
- ci: Remove actions-rs by @goatgoose in #4514
- Nix libcrypto helpers by @dougch in #4422
- fix: Python integ tests are flaky on arm by @maddeleine in #4512
- chore: update s2n-core team by @dougch in #4520
- binding: Add s2n_connection_get_session on the Connection by @mathpal in #4522
- nix gdb/lldb utils by @dougch in #4460
- chore(bindings): release 0.2.4 by @jmayclin in #4530
New Contributors
Full Changelog: v1.4.12...v1.4.13
Release: v1.4.12
Weekly release for April 16 2024
What's Changed
- fix: Wipe conn->in on all record parse failures by @goatgoose in #4499
- feat: Release C APIs for serialization by @maddeleine in #4501
- refactor: combine TLS1.2 and TLS1.3 sig scheme representations by @lrstewart in #4498
- feat: Serialization Rust APIs by @maddeleine in #4493
Full Changelog: v1.4.11...v1.4.12
Release: v1.4.11
Release for Apr 11 2023
What's Changed
- fix: better errors for all client auth failures by @lrstewart in #4492
- fix: correct broken early data test by @lrstewart in #4494
- fix: add missing TLS1.3 p521 sig schemes by @lrstewart in #4496
- tests: Serialization feature with post-handshake features by @maddeleine in #4489
- feat(binding): add key update request api by @jmayclin in #4469
- chore(bindings): release 0.2.2 by @toidiu in #4497
Full Changelog: v1.4.10...v1.4.11
Release: v1.4.10
Weekly release for April 10 2024
What's Changed
- fix(bindings): print cargo commands to stdout by @camshaft in #4482
- chore(bindings): release 0.2.1 by @lrstewart in #4486
- feat: connection serialization by @maddeleine in #4468
- feat: reduce read syscalls to improve performance by @lrstewart in #4485
- feat: add s2n_peek_buffered by @lrstewart in #4490
Full Changelog: v1.4.9...v1.4.10