GnuTLS Changelog

New in version 3.4.3

July 13th, 2015
  • libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050.
  • libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled).
  • libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash.
  • libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided.
  • libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set.
  • libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
  • p11tool: Added --list-token-urls option, and print the token module name in list-tokens.
  • API and ABI modifications:
  • gnutls_ecc_curve_get_oid: Added
  • gnutls_digest_get_oid: Added
  • gnutls_pk_get_oid: Added
  • gnutls_sign_get_oid: Added
  • gnutls_ecc_curve_get_id: Added
  • gnutls_oid_to_digest: Added
  • gnutls_oid_to_pk: Added
  • gnutls_oid_to_sign: Added
  • gnutls_oid_to_ecc_curve: Added
  • gnutls_pkcs7_get_signature_count: Added

New in version 3.4.1 (May 8th, 2015)

  • libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck.
  • libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos.
  • libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse.
  • libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
  • libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs.
  • certtool: It can generate SHA256 key IDs.
  • gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
  • configure: re-enabled the --enable-local-libopts flag
  • API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added

New in version 3.3.12 (January 23rd, 2015)

  • libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See:
  • libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters.
  • libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott.
  • libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz.
  • libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz.
  • libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module.
  • libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL.
  • libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server.
  • guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
  • guile: Fix harmless warning during compilation of gnutls.scm Initially reported at .
  • certtool: --pubkey-info will also attempt to load a public key from stdin.
  • gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation.
  • API and ABI modifications: No changes since last version.

New in version 3.2.9 (January 27th, 2014)

  • libgnutls: The %DUMBFW option in priority string only appends data to client hello if the expected size is in the "black hole" range.
  • libgnutls: %COMPAT implies %DUMBFW.
  • libgnutls: gnutls_session_get_desc() returns a more compact ciphersuite description.
  • libgnutls: In PKCS #11 allow deleting multiple non-certificate data.
  • libgnutls: When a PKCS #11 trust store is specified (e.g. using the configure option --with-default-trust-store-pkcs11), then the PKCS #11 token is used on demand to obtain the trusted anchors, rather than preloading all trusted certificates. That delegates CA certificate management and blacklist checking to the PKCS #11 module.
  • libgnutls: When a PKCS #11 trust store is specified in configure option or in gnutls_x509_trust_list_add_trust_file(), then the module is used to obtain the verification anchors and any required blacklists as in
  • libgnutls: Fix in OCSP certificate status extension handling in non-blocking servers. Patch by Nils Maier.
  • p11tool: Added --so-login option to force login as security officer (admin).

New in version 3.2.8 (December 21st, 2013)

  • libgnutls: Updated code for AES-NI. That prevents an uninitialized variable complaint from valgrind.
  • libgnutls: Enforce a maximum size for DH primes.
  • libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy Polyakov's code.
  • libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.
  • libgnutls: It only links to librt if the required functions are not present in libc. This also prevents an indirect linking to libpthread.
  • libgnutls: Fixed issue with gnulib strerror replacement by adding the strerror gnulib module.
  • libgnutls: The time provided in the TLS random values is only precise on its first 3 bytes. That prevents leakage of the precise system time (at least on the client side when only few connections are done on a single server).
  • certtool: The --verify option will use the system CAs if the load-ca-certificate option is not provided.
  • configure: Added option --with-default-blacklist-file to allow specifying a certificate blacklist file.
  • configure: Added --disable-non-suiteb-curves option. This option restricts the supported curves to SuiteB curves.
  • API and ABI modifications: gnutls_record_check_corked: Added

New in version 3.2.7 (November 25th, 2013)

  • Several improvements in smart card handling, in the handling of the pre-DTLS-1.0 protocol used in OpenConnect, and record decompression.
  • Support has been added for writing the "no well defined" expiration date in certificates.

New in version 3.2.6 (November 4th, 2013)

  • libgnutls: Support for TPM via trousers is now enabled by default.
  • libgnutls: Camellia in GCM mode has been added in default priorities, and GCM mode is prioritized over CBC in all of the default priority strings.
  • libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
  • libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. Reported by Stefan Buehler.
  • libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
  • libgnutls: Minimum acceptable DH group parameters were increased to 767 bits from 727.
  • libgnutls: Added function to obtain random data from PKCS #11 tokens. Contributed by Wolfgang Meyer zu Bergsten.
  • gnulib: updated.
  • libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the previous fix. Reported by Tomas Mraz.
  • p11tool: Added option generate-random.
  • API and ABI modifications: gnutls_pkcs11_token_get_random: Added

New in version 3.2.5 (October 26th, 2013)

  • This version added new ciphersuites with Camellia, SHA2-256, and SHA2-384.
  • A buffer overflow in the DANE library was corrected and several minor improvements were made.

New in version 3.2.4 (September 2nd, 2013)

  • This version adds the RSA-PSK key exchange method.
  • It has fixes in session ticket handling and in server certificate request handling, as well as other minor fixes and updates.

New in version 3.2.3 (July 31st, 2013)

  • This version fixes bugs related to TLS packet parsing and priority string parsing.

New in version 3.2.2 (July 15th, 2013)

  • Several optimizations related to packet processing subsystems, and enhancements for support of DTLS under other transport layers than UDP.
  • Several small fixes.

New in version 3.2.1 (June 3rd, 2013)

  • This version adds small fixes to DTLS client hello verify handling, packet overhead size calculation, and a workaround for an issue with implementations which negotiate ECC under SSL 3.0.

New in version 3.1.10 (March 23rd, 2013)

  • This version adds new features and fixes bugs in the current stable branch.
  • It adds support for the Android system and optimizes certificate handling.

New in version 3.1.9 (March 2nd, 2013)

  • This is bugfix release in the current stable branch.

New in version 3.1.6 (January 3rd, 2013)

  • This is a bugfix release on the current stable branch.

New in version 3.1.5 (November 26th, 2012)

  • This version adds support for UCS-2 encoded DNs, improvements to smart card key generation, and a few bugfixes.

New in version 3.1.4 (November 12th, 2012)

  • This version includes initial support for the DTLS-SRTP protocol, updates related to the new DANE library, and several simplifications to the existing API.

New in version 3.1.3 (October 13th, 2012)

  • This version adds support for the DANE (DNSSEC) certificate verification protocol and the certificate status request extension.

New in version 3.1.2 (September 27th, 2012)

  • This version includes feature updates, notably support for the DTLS heartbeat message, and bugfixes in the current stable branch.

New in version 2.12.8 (August 9th, 2011)

  • This is a bugfix release that backports features from the new stable branch.
  • The PKCS #11 back-end was replaced by p11-kit.
  • There are compatibility fixes with libgcrypt 1.5.0, better handling of incomplete writes with writev(), strict verification of the order of certificate lists, and fixes in certificate request generation.