LibreSSL-2.3.0 released PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Michael Felt   
OpenBSD/LibreSSL project has released LibreSSL 2.3.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This release is the first snapshot based on the development OpenBSD 5.9 branch. As such, it is likely to change more compared to the stable 2.2.x and 2.1.x branches. The ABI/API for the LibreSSL 2.3.x series will be declared stable around March 2016. See http://www.libressl.org/releases.html for more details.

As in previous releases, LibreSSL 2.3.0 removes more unsafe or obsolete algorithms and protocols. To help in the transition, we have begun tracking some of the more common software that needs patches or new releases in order to build properly without these removed features. See http://www.libressl.org/patches.html for information.

Notable features in this release:

  • SSLv3 is now permanently removed from the tree.
  • The libtls API is changed from the 2.2.x series:
    The tls_read/write functions now work better with external event libraries. See the tls_init man page for examples of using libtls correctly in asynchronous mode.
    Client-side verification is now supported, with the client supplying the certificate to the server.
    Also, when using tls_connect_fds, tls_connect_socket or tls_accept_fds, libtls no longer implicitly closes the passed in sockets. The caller is responsible for closing them in this case.
  • When loading a DSA key from an raw (without DH parameters) ASN.1 serialization, perform some consistency checks on its `p' and `q' values, and return an error if the checks failed.
    Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case.
    See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion.
  • Fixed a bug in ECDH_compute_key that can lead to silent truncation of the result key without error. A coding error could cause software to use much shorter keys than intended.
  • Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported.
  • The engine command and parameters are removed from the openssl(1). Previous releases removed dynamic and builtin engine support already.
  • SHA-0 is removed, which was withdrawn shortly after publication 20 years ago.
  • Added Certplus CA root certificate to the default cert.pem file.
  • New interface OPENSSL_cpu_caps is provided that does not allow software to inadvertently modify cpu capability flags. OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
  • The out_len argument of AEAD changed from ssize_t to size_t.
  • Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
  • Converted 'nc' to use libtls for client and server operations; it is included in the libressl-portable distribution as an example of how to use the libtls library. This is intended to be a simpler and more robust replacement for 'openssl s_client' and 'openssl s_server' for day-to-day operations.

The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible. Special thanks to FreeBSD's Bernard Spil and the OpenBSD Ports team, who have been instrumental through the SSLv3 transition.

 
Next >
60 queries executed
1
SET sql_mode = 'MYSQL40'
2 SELECT folder, element, published, params FROM jos_mambots WHERE published >= 1 AND access <= 0 AND folder = 'system' ORDER BY ordering
3 SELECT template FROM jos_templates_menu WHERE client_id = 0 AND ( menuid = 0 OR menuid = 99999999 ) ORDER BY menuid DESC LIMIT 1
4 DELETE FROM jos_session WHERE ( ( time < '1548314096' ) AND guest = 0 AND gid > 0 ) OR ( ( time < '1548314096' ) AND guest = 1 AND userid = 0 )
5 SELECT COUNT(*) FROM jos_stats_agents WHERE agent = 'Unknown' AND type = 0
6 UPDATE jos_stats_agents SET hits = ( hits + 1 ) WHERE agent = 'Unknown' AND type = 0
7 SELECT COUNT(*) FROM jos_stats_agents WHERE agent = 'Unknown' AND type = 1
8 UPDATE jos_stats_agents SET hits = ( hits + 1 ) WHERE agent = 'Unknown' AND type = 1
9 SELECT COUNT(*) FROM jos_stats_agents WHERE agent = 'com' AND type = 2
10 UPDATE jos_stats_agents SET hits = ( hits + 1 ) WHERE agent = 'com' AND type = 2
11 SELECT * FROM jos_menu WHERE published = 1 AND link LIKE 'index.php?option=com\_content&task=view%'
12 SELECT a.*, u.name AS author, u.usertype, cc.name AS category, s.name AS section, g.name AS groups, s.published AS sec_pub, cc.published AS cat_pub, s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id FROM jos_content AS a LEFT JOIN jos_categories AS cc ON cc.id = a.catid LEFT JOIN jos_sections AS s ON s.id = cc.section AND s.scope = 'content' LEFT JOIN jos_users AS u ON u.id = a.created_by LEFT JOIN jos_groups AS g ON a.access = g.id WHERE a.id = 724 AND ( a.state = 1 OR a.state = -1 ) AND ( a.publish_up = '0000-00-00 00:00:00' OR a.publish_up <= '2019-01-24 08:29' ) AND ( a.publish_down = '0000-00-00 00:00:00' OR a.publish_down >= '2019-01-24 08:29' ) AND a.access <= 0
13 SELECT a.id FROM jos_content AS a WHERE a.catid = 29 AND a.state = -1 AND a.access <= 0 AND ( a.state = 1 OR a.state = -1 ) AND ( a.publish_up = '0000-00-00 00:00:00' OR a.publish_up <= '2019-01-24 08:29' ) AND ( a.publish_down = '0000-00-00 00:00:00' OR a.publish_down >= '2019-01-24 08:29' ) ORDER BY a.ordering
14 SELECT ROUND( v.rating_sum / v.rating_count ) AS rating, v.rating_count FROM jos_content AS a LEFT JOIN jos_content_rating AS v ON a.id = v.content_id WHERE a.id = 724
15 UPDATE jos_content SET hits = ( hits + 1 ) WHERE id = '724'
16 SELECT hits FROM jos_core_log_items WHERE time_stamp = '2019-01-24' AND item_table = '#__content' AND item_id = '724'
17 UPDATE jos_core_log_items SET hits = ( hits + 1 ) WHERE time_stamp = '2019-01-24' AND item_table = '#__content' AND item_id = '724'
18 SELECT folder, element, published, params FROM jos_mambots WHERE access <= 0 AND folder = 'content' ORDER BY ordering
19 SELECT value FROM jos_bookmarks_prefs WHERE userid = '-1' AND category = 'params' AND name = 'urlkey'
20 SELECT value FROM jos_bookmarks_prefs WHERE userid = '-1' AND category = 'params' AND name = 'snapshotactiv'
21 SELECT value FROM jos_bookmarks_prefs WHERE userid = '-1' AND category = 'params' AND name = 'snapshotother'
22 SELECT id FROM jos_mambots WHERE element = 'mosbookmarks' AND folder = 'content'
23 SELECT * FROM jos_mambots WHERE id = '32'
24 SELECT name, value FROM jos_bookmarks_prefs WHERE userid = '-1' AND category = 'params' ORDER BY name
25 SELECT c.id, c.parent FROM jos_bookmarks_categories as c WHERE c.id = -1
26 SELECT * FROM jos_bookmarks_columns WHERE category='' AND custom='0'
27 SELECT * FROM jos_bookmarks_columns WHERE category='' ORDER BY ordering
28 SELECT * FROM jos_bookmarks_columns WHERE category='admin'
29 SELECT * FROM jos_bookmarks_columns WHERE category='admin' ORDER BY ordering
30 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
31 SELECT * FROM jos_mambots WHERE id = '27'
32 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
33 SELECT * FROM jos_mambots WHERE id = '27'
34 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
35 SELECT * FROM jos_mambots WHERE id = '27'
36 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
37 SELECT * FROM jos_mambots WHERE id = '27'
38 SELECT a.* FROM jos_components AS a WHERE ( a.admin_menu_link = 'option=com_syndicate' OR a.admin_menu_link = 'option=com_syndicate&hidemainmenu=1' ) AND a.option = 'com_syndicate'
39 SELECT m.id FROM jos_modules AS m WHERE m.module = 'mod_rssfeed' AND m.published = 1
40 SELECT id, title, module, position, content, showtitle, params FROM jos_modules AS m INNER JOIN jos_modules_menu AS mm ON mm.moduleid = m.id WHERE m.published = 1 AND m.access <= 0 AND m.client_id != 1 AND ( mm.menuid = 0 OR mm.menuid = 99999999 ) ORDER BY ordering
41 SELECT id FROM jos_menu WHERE link = 'index.php?option=com_search' AND published = 1
42 SELECT m.*, sum(case when p.published=1 then 1 else 0 end) as cnt FROM jos_menu AS m LEFT JOIN jos_menu AS p ON p.parent = m.id WHERE m.menutype='rt_splitSuckerFish' AND m.published='1' AND m.access <= '0' GROUP BY m.id ORDER BY m.parent, m.ordering
43 SELECT m.* FROM jos_menu AS m WHERE menutype='rt_splitSuckerFish' AND m.published='1'
44 SELECT * FROM jos_banner WHERE showBanner=1
45 SELECT id FROM jos_mambots WHERE element = 'mosbookmarks' AND folder = 'content'
46 SELECT * FROM jos_mambots WHERE id = '32'
47 SELECT name, value FROM jos_bookmarks_prefs WHERE userid = '-1' AND category = 'params' ORDER BY name
48 SELECT c.id, c.parent FROM jos_bookmarks_categories as c WHERE c.id = -1
49 SELECT * FROM jos_bookmarks_columns WHERE category='' AND custom='0'
50 SELECT * FROM jos_bookmarks_columns WHERE category='' ORDER BY ordering
51 SELECT * FROM jos_bookmarks_columns WHERE category='admin'
52 SELECT * FROM jos_bookmarks_columns WHERE category='admin' ORDER BY ordering
53 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
54 SELECT * FROM jos_mambots WHERE id = '27'
55 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
56 SELECT * FROM jos_mambots WHERE id = '27'
57 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
58 SELECT * FROM jos_mambots WHERE id = '27'
59 SELECT id FROM jos_mambots WHERE element = 'plugin_jw_allvideos' AND folder = 'content'
60 SELECT * FROM jos_mambots WHERE id = '27'