Releases: aws/s2n-tls
Releases · aws/s2n-tls
Release: v1.3.46
Weekly release for June 23 2023
What's Changed
- build: make feature flags consistent by @camshaft in #3921
- Fixes dynamic loading bug by @maddeleine in #4024
- bindings(rust): release 0.0.32 by @camshaft in #4032
- Refactor alerts to make behavior clear by @lrstewart in #4019
- ci: typos config file by @dougch in #4021
- Add pre-TLS13 libcrypto PRF implementation by @goatgoose in #4020
- fix: ossl3 legacy provider mem leak by @jmayclin in #4033
- nix devShell with aws-lc by @dougch in #4028
- Never send KeyUpdate message if <TLS1.3 by @lrstewart in #4038
- ci: allow running multiple integ tests at once in nix devshell by @dougch in #4029
- Add libcrypto HKDF implementation by @goatgoose in #4035
- Fixes pthread leak by @maddeleine in #4037
- Fix usage guide examples + enable testing of examples by @lrstewart in #4044
- feat: add checked return values diagnostic by @camshaft in #3798
- Add ThreadSanitizer by @lrstewart in #4046
- Update nix corretto; make it platform aware. by @dougch in #4043
- Fix TSAN s2n_shutdown failures by @lrstewart in #4055
- feat(bindings/s2n-tls): add ja-3 apis by @jmayclin in #4009
- s2n-tls handshake benchmark by @tinzh in #4053
- Validate PRK output size in the libcrypto HKDF implementation by @goatgoose in #4057
- remove kTLS feature probe by @toidiu in #4064
- Add rustls handshake to benchmarks by @tinzh in #4063
- Disable build flag for openssl102 nix aarch64-linux by @dougch in #4045
- Fixes broken link by @maddeleine in #4060
- bindings: do not enable OCSP when calling trust_location() by @WesleyRosenblum in #4016
- Create new KMS TLS Policy with TLSv1.2 Minimum by @alexw91 in #4068
Full Changelog: v1.3.45...v1.3.46
Release: v1.3.45
Weekly release for June 01 2023
What's Changed
- Dashboard stale by @dougch in #3947
- ci: nix devShell simplification by @dougch in #3964
- Print Wire Bytes In and Out for s2nc by @alexw91 in #3986
- chore: bindings release 0.0.31 by @WesleyRosenblum in #3997
- ci: enable ossl3 tls13 tests by @jmayclin in #3992
- test: add more x509 OCSP tests by @jmayclin in #3970
- Update FAQ + add s2n_negotiate example to Usage Guide by @lrstewart in #3984
- bindings: Add option to disable loading system certs by @goatgoose in #3985
- docs: add notes on s2nc and s2nd usage by @WesleyRosenblum in #4003
- Quoting RFC-4492 to verify behavior when supported_groups extension is not sent by @aditishri18 in #3998
- Upgrade OpenSSL module for CBMC proofs by @feliperodri in #3978
- nix devShell with openssl3 by @dougch in #3993
- fix(s2nd): parse psk given to s2nd non-destructively by @WesleyRosenblum in #4006
- style: simplfy api for test utility by @jmayclin in #4008
- nix: add a LibreSSL nix devShell by @dougch in #4010
- nix: Use nixpkgs gnutls instead by @dougch in #4013
- Add the libcrypto random generation implementation by @goatgoose in #4004
- X509 asn1 refactor by @jmayclin in #4011
- fix: open files with the O_CLOEXEC flag by @toidiu in #3989
- test(bindings/s2n-tls-tokio): fix tokio bindings close test by @jmayclin in #4007
- fix(api/unstable): make all api methods visible by @jmayclin in #4015
- nix: add an Openssl102 nix devShell by @dougch in #4014
- Fix s2n_error_get_type mistake in usage guide by @lrstewart in #4022
- Publish minimal s2n_config APIs and add documentation by @goatgoose in #3972
- Only call getenv for integ test marker in s2n_init by @lrstewart in #4025
- Disable retry client random validation outside of tests by @lrstewart in #4023
- fix: improve compatibility with old Linux versions by @camshaft in #4027
Full Changelog: v1.3.44...v1.3.45
Release: v1.3.44
Weekly release for May 09 2023
What's Changed
- Fix end-of-data behavior by @lrstewart in #3945
- Add logging for failed CRT tests by @lrstewart in #3962
- Cover more situations where no close_notify is sent/received by @lrstewart in #3957
- chore[bindings]: release 0.0.30 by @toidiu in #3956
- chore: remove module.modulemap by @toidiu in #3961
- Add API to create s2n_configs without loading system certs by @goatgoose in #3950
- Add new API to perform half-close by @lrstewart in #3952
- Add test for cipher selection with dh params by @lrstewart in #3974
- style: clean up fuzz corpus by @jmayclin in #3971
- Only Rust LTO with GCC by @justsmth in #3968
- docs: update clang-format and gdb documentation by @jmayclin in #3967
- s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypto by @riverszhang89 in #3966
- Use custom library context for rc4 instead of global default context by @lrstewart in #3980
- Add 32 bit buildspec by @jmayclin in #3977
- test: fix session-ticket, non-blocking-io tests on 32 bit by @jmayclin in #3969
New Contributors
- @riverszhang89 made their first contribution in #3966
Full Changelog: v1.3.43...v1.3.44
Release: v1.3.43
Weekly release for April 27 2023
What's Changed
- docs: add compliance notes for RFC 6125 by @camshaft in #3915
- test: add retry logic for well-known endpoints by @camshaft in #3918
- chore(bindings): release 0.0.29 by @camshaft in #3919
- test: Bump nix devShell python to 3.10 by @dougch in #3914
- Attempts to fix flakiness in session_ticket_test by @maddeleine in #3913
- Create new PQ TLS Policies with minimum of TLSv1.2 by @alexw91 in #3927
- doc: Flesh out steps in nix readme. by @dougch in #3923
- Add note about server_name spec requirements by @lrstewart in #3930
- ci: Update AWSLC test dependency to v1.8.0 by @goatgoose in #3938
- Adds FAQ doc by @maddeleine in #3920
- Remove unnecessary flush by @lrstewart in #3940
- update security policy and rust binding documentation by @jmayclin in #3906
- ci: Add github stale action by @goatgoose in #3929
- Add test to verify TLS1.2 downgrade by @aditishri18 in #3939
- Reinstate Kyber KEM check by @WillChilds-Klein in #3905
- Don't send close_notify after an alert by @lrstewart in #3942
- Update IO section of Usage Guide by @lrstewart in #3917
- Add basic half-close TLS1.3 behavior by @lrstewart in #3932
- bindings: add verify_host_callback to the connection by @toidiu in #3925
- ci: Add AWSLC-FIPS 2022 to CI by @goatgoose in #3943
- add 32 bit cross-compile toolchain by @jmayclin in #3924
- ci: Disable automatically closing stale PRs by @goatgoose in #3946
- Fix expected negotiated version in client auth downgrade test by @goatgoose in #3951
Full Changelog: v1.3.42...v1.3.43
Release: v1.3.42
Weekly release for April 04 2023
What's Changed
- test: Nix s3 cache by @dougch in #3904
- chore: bump rust bindings by @toidiu in #3909
- Appends S2N_API to APIs that were missing the attribute by @maddeleine in #3910
- Move secret type out of tls12/tls13 union by @lrstewart in #3908
- Expose curve details on rust bindings by @shraddha-1508 in #3912
- Don't set actual_protocol_version early when resuming a session by @lrstewart in #3907
- CI: Restrict Nix integ test to 1 job by @dougch in #3897
New Contributors
- @shraddha-1508 made their first contribution in #3912
Full Changelog: v1.3.41...v1.3.42
Release: v1.3.41
Release: v1.3.39
Weekly release for March 13 2023
What's Changed
- Removed codecov github status badge. by @amazonKamath in #3859
- Add Rust bindings method to create certs without private keys by @lrstewart in #3860
- Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC by @alexw91 in #3800
- chore: bump rust bindings version; crates msrv to 1.63.0 by @dougch in #3863
- ci: Check for msrv match between rust-toolchain an crates by @dougch in #3866
- fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns by @WesleyRosenblum in #3870
- tests: add checks for LTO+interning compatibility by @camshaft in #3839
- Enforce that ENSURE and GUARD_OSSL use valid error codes by @lrstewart in #3873
New Contributors
- @amazonKamath made their first contribution in #3859
Full Changelog: v1.3.38...v1.3.39
Release: v1.3.38
Weekly release for March 01 2023
What's Changed
- Add CMake targets for integration tests and switch CI to use them by @harrisonkaiser in #3776
- ci: reduce the number of BSD artifacts by @camshaft in #3837
- Enable -Wsign-Compare-check_v2-tests/unit by @aditishri18 in #3827
- Add github trigger event for merge queue by @lrstewart in #3836
- Prevent auto-enabling OCSP requests for servers by @goatgoose in #3830
- Enable -Wsign-Compare-check_v3-tests/unit/ by @aditishri18 in #3828
- Enable -Wsign-Compare-check_bin/_crypto/_stuffer/_utils/ by @aditishri18 in #3825
- Enable -Wsign-Compare-check_v1-tests/ by @aditishri18 in #3826
- Update s2n_libcrypto_validate_name_prefix to only check the prefix of the libcrypto name by @andrewhop in #3779
- Enable -Wsign-Compare-check_tls/ by @aditishri18 in #3829
- Add OCSP stapling for client auth by @goatgoose in #3770
- Enable -Wsign-Compare-check_CMakeLists by @aditishri18 in #3842
- CI: pin AWS-LC versions by @WesleyRosenblum in #3846
- [bindings] Generalize async in preparation for pkey offloading by @lrstewart in #3844
- fix: use actual_protocol_version for session ID by @WesleyRosenblum in #3845
- Add JA3 to s2nd by @lrstewart in #3838
- Filter do_not_merge label from Ready to merge in Dashboard by @WesleyRosenblum in #3849
- Remove unused s2n_config_client_hello_cb_enable_poll by @lrstewart in #3850
- Run integv2 tests with nix by @harrisonkaiser in #3824
- ci: nix action by @dougch in #3834
- Add CBMC proof-running GitHub Action by @karkhaz in #3840
- Upgrade OpenSSL model for CBMC proofs by @feliperodri in #3857
- Rust bindings issue with openssl-src by @dougch in #3858
- Handle ASN.1 type detection errors by @lrstewart in #3855
- [bindings] Add private key callback by @lrstewart in #3847
Full Changelog: v1.3.37...v1.3.38
Release: v1.3.37
Weekly release for February 15 2023
What's Changed
- Add stuffer helper method for standard init process by @lrstewart in #3814
- Bump rust bindings for 1.3.36 release by @goatgoose in #3818
- Clarify SSLv2 ClientHellos by @lrstewart in #3815
- Add unit test to check that the build's libcrypto reflects the CI's intended libcrypto by @harrisonkaiser in #3774
- Clarify that AWS-LC is also supported by @torben-hansen in #3821
- Add JA3 fingerprinting by @lrstewart in #3817
- Criterion delta by @dougch in #3811
- bindings(rust): bump MSRV to 1.60.0 by @camshaft in #3833
- Clean up thread-local memory by @maddeleine in #3771
- Make unstable fingerprint methods accessible by @lrstewart in #3823
Full Changelog: v1.3.36...v1.3.37
Release: v1.3.36
Weekly release for February 08 2023
What's Changed
- Blob Initialization fix-Test_1 by @aditishri18 in #3790
- Integration test to check default signature algorithm behavior by @aditishri18 in #3719
- Adds client hello section to usage guide by @maddeleine in #3757
- Update omnibus fuzz images by @dougch in #3796
- Bump rust bindings for 1.3.35 release by @maddeleine in #3802
- s2n-tls nix flake by @dougch in #3794
- Update OpenBSD's MEM_PER_CONNECTION, based on error message by @harrisonkaiser in #3791
- ktls: s2n_ktls_mode and building blocks by @toidiu in #3797
- Make test_install_shared_and_static easier to debug by @maddeleine in #3804
- ktls: add ktls_supported field to s2n_cipher by @toidiu in #3806
- ktls: rm kTLS request field on config by @toidiu in #3816
Full Changelog: v1.3.35...v1.3.36