Releases: aws/s2n-tls
Release: v1.3.52
Weekly release for Sept 25 2023
What's Changed
- ci: Add uemu test with ktls enabled by @lrstewart in #4190
- ktls: add sendfile by @lrstewart in #4186
- ci: Upgrade asan to catch use after scope by @lrstewart in #4192
- ci: run duvet when commits are merged into main branch by @toidiu in #4197
- ktls: self-talk tests for send by @lrstewart in #4189
- Reduce allocs in ktls app data send by @lrstewart in #4181
- ktls: recv alerts by @lrstewart in #4199
- bindings: release 0.0.38 by @goatgoose in #4196
- docs: add citations for alert behavior by @toidiu in #4198
- ktls: receive app data by @lrstewart in #4201
- Add asan support to cmake/nix by @lrstewart in #4194
- build: use feature probes for CLOEXEC by @camshaft in #4206
- docs: add rfc citations by @toidiu in #4202
- ktls: fix flaky test by @lrstewart in #4214
- Generalize io handling + add ktls EINTR handling by @lrstewart in #4203
- ktls: clean up enable by @lrstewart in #4212
- feat: send psk_ke_modes ext in first flight by @jmayclin in #4177
- feat: add s2n_strerror_source API by @camshaft in #4209
- docs: generate citations meta data by @toidiu in #4205
- Add API to retrieve parsed supported groups by @goatgoose in #4216
- ktls: release APIs as unstable by @lrstewart in #4217
Full Changelog: v1.3.51...v1.3.52
Release: v1.3.51
Weekly release for September 11 2023
What's Changed
- bindings: release 0.0.37 by @goatgoose in #4172
- feat(benchmarks): add session resumption support by @jmayclin in #4173
- api: Add S2N_EXTENSION_SUPPORTED_VERSIONS as s2n_tls_extension_type by @raycoll in #4160
- Small sendv doc fix by @lrstewart in #4178
- ktls: send app data by @lrstewart in #4174
- Add testlib to track memory allocations by @lrstewart in #4180
- ci: buildspec for qemu ktls test by @dougch in #4175
- Allow CI to build with default libcrypto by @lrstewart in #4179
- ktls: send alerts by @lrstewart in #4185
- Commit buildspec for s2nGeneralBatch by @lrstewart in #4188
- Add API to disable certificate validity period validation by @goatgoose in #4183
Full Changelog: v1.3.50...v1.3.51
Release: v1.3.50
Weekly release for August 25 2023
What's Changed
- Adds resumption functions to Rust bindings by @maddeleine in #4114
- Make invalid chains available via get_client_cert_chain by @lrstewart in #4134
- Update blocked status documentation by @goatgoose in #4139
- bindings: release 0.0.36 by @goatgoose in #4145
- Use client_hello.parsed as precondition for retrieving client_hello by @raycoll in #4144
- Update historical benching graphs and readme by @tinzh in #4136
- Don't exit nix dev shell on integ test failure by @lrstewart in #4149
- kTLS: get and set control data on msghdr by @toidiu in #4146
- Call enable_session_tickets before adding a ticket key by @maddeleine in #4150
- refactor and cleanup some ktls code by @toidiu in #4152
- Fix s2n_ecdsa_secp521r1_sha512 + improve integ ECDSA coverage by @lrstewart in #4148
- kTLS: implement sendmsg by @toidiu in #4147
- Add cert validation callback by @goatgoose in #4156
- Fix clippy warnings by @goatgoose in #4166
- kTLS: implement recvmsg by @toidiu in #4154
- Publish cert validation callback APIs and add documentation by @goatgoose in #4161
Full Changelog: v1.3.49...v1.3.50
Release: v1.3.49
Weekly release for August 14 2023
What's Changed
- Refactor benching harness to separate out client and server connections by @tinzh in #4113
- bindings: release 0.0.35 by @goatgoose in #4122
- Change PR template formatting to be more consistent by @tinzh in #4116
- Move around and update scripts in bench crate by @tinzh in #4115
- Feature cleanup for bench crate by @tinzh in #4120
- ktls: self talk inet socket test by @toidiu in #4075
- Unnest loops over parameters in handshake bench by @tinzh in #4129
- Fix throughput bench issues and add documentation by @tinzh in #4130
- Add new Kyber768+ KEMs and security policy by @WillChilds-Klein in #4034
- Add flamegraph generation and reuse configs to benchmarks by @tinzh in #4128
- Add different parameters for memory benching by @tinzh in #4125
- Update build documentation by @goatgoose in #4126
- Prevent get_peer_cert_chain from modifying existing cert chain by @lrstewart in #4135
- Add additional Kyber768 tests by @WillChilds-Klein in #4089
- test: ensure s2n_recv blocked status behavior doesn't change by @camshaft in #4127
- ktls: mock send/recvmsg IO by @toidiu in #4109
Full Changelog: v1.3.48...v1.3.49
Release: v1.3.48
Weekly release for July 28 2023
What's Changed
- bindings: release 0.0.34 by @maddeleine in #4096
- nix: pin corretto version by @dougch in #4103
- Add historical performance benchmark by @tinzh in #4083
- Add memory bench with valgrind/massif by @tinzh in #4081
- Add different certificate signature algorithms to benchmarks by @tinzh in #4080
- fix: get_session behavior for TLS 1.3 by @jmayclin in #4104
- Trying to use an invalid ticket should not mutate state by @lrstewart in #4110
- ktls: set keys on socket and enable ktls by @toidiu in #4071
- Print error for 32bit test by @lrstewart in #4107
Full Changelog: v1.3.47...v1.3.48
Release: v1.3.47
Weekly release for July 14 2023
What's Changed
- Add KeyUpdate threading test by @lrstewart in #4059
- Add new CRT policies by @maddeleine in #4072
- nix: Skip the sslyze test on arm by @dougch in #4050
- fix: Add implicit gcc flag to all feature probes by @goatgoose in #4074
- Add openssl handshake to benchmarking by @tinzh in #4069
- bindings: release 0.0.33 by @goatgoose in #4076
- Fix openssl-1.0.2k x509 validator test failure by @lrstewart in #4084
- feat: introduce s2n_key_material for handling key material info by @toidiu in #4047
- Fix pthread key cleanup with musl libc by @lrstewart in #4085
- Add mTLS to benchmarks by @tinzh in #4079
- Add throughput benchmark by @tinzh in #4077
- ktls: config socket ULP by @toidiu in #4066
- Enable -wsign-compare check by @aditishri18 in #4061
- Generify Kyber files + functions over security parameters by @WillChilds-Klein in #4087
- Fix clippy warnings by @WillChilds-Klein in #4093
- Fix try_compile bug on gcc 4 by @maddeleine in #4091
Full Changelog: v1.3.46...v1.3.47
Release: v1.3.46
Weekly release for June 23 2023
What's Changed
- build: make feature flags consistent by @camshaft in #3921
- Fixes dynamic loading bug by @maddeleine in #4024
- bindings(rust): release 0.0.32 by @camshaft in #4032
- Refactor alerts to make behavior clear by @lrstewart in #4019
- ci: typos config file by @dougch in #4021
- Add pre-TLS13 libcrypto PRF implementation by @goatgoose in #4020
- fix: ossl3 legacy provider mem leak by @jmayclin in #4033
- nix devShell with aws-lc by @dougch in #4028
- Never send KeyUpdate message if <TLS1.3 by @lrstewart in #4038
- ci: allow running multiple integ tests at once in nix devshell by @dougch in #4029
- Add libcrypto HKDF implementation by @goatgoose in #4035
- Fixes pthread leak by @maddeleine in #4037
- Fix usage guide examples + enable testing of examples by @lrstewart in #4044
- feat: add checked return values diagnostic by @camshaft in #3798
- Add ThreadSanitizer by @lrstewart in #4046
- Update nix corretto; make it platform aware. by @dougch in #4043
- Fix TSAN s2n_shutdown failures by @lrstewart in #4055
- feat(bindings/s2n-tls): add ja-3 apis by @jmayclin in #4009
- s2n-tls handshake benchmark by @tinzh in #4053
- Validate PRK output size in the libcrypto HKDF implementation by @goatgoose in #4057
- remove kTLS feature probe by @toidiu in #4064
- Add rustls handshake to benchmarks by @tinzh in #4063
- Disable build flag for openssl102 nix aarch64-linux by @dougch in #4045
- Fixes broken link by @maddeleine in #4060
- bindings: do not enable OCSP when calling trust_location() by @WesleyRosenblum in #4016
- Create new KMS TLS Policy with TLSv1.2 Minimum by @alexw91 in #4068
Full Changelog: v1.3.45...v1.3.46
Release: v1.3.45
Weekly release for June 01 2023
What's Changed
- Dashboard stale by @dougch in #3947
- ci: nix devShell simplification by @dougch in #3964
- Print Wire Bytes In and Out for s2nc by @alexw91 in #3986
- chore: bindings release 0.0.31 by @WesleyRosenblum in #3997
- ci: enable ossl3 tls13 tests by @jmayclin in #3992
- test: add more x509 OCSP tests by @jmayclin in #3970
- Update FAQ + add s2n_negotiate example to Usage Guide by @lrstewart in #3984
- bindings: Add option to disable loading system certs by @goatgoose in #3985
- docs: add notes on s2nc and s2nd usage by @WesleyRosenblum in #4003
- Quoting RFC-4492 to verify behavior when supported_groups extension is not sent by @aditishri18 in #3998
- Upgrade OpenSSL module for CBMC proofs by @feliperodri in #3978
- nix devShell with openssl3 by @dougch in #3993
- fix(s2nd): parse psk given to s2nd non-destructively by @WesleyRosenblum in #4006
- style: simplify api for test utility by @jmayclin in #4008
- nix: add a LibreSSL nix devShell by @dougch in #4010
- nix: Use nixpkgs gnutls instead by @dougch in #4013
- Add the libcrypto random generation implementation by @goatgoose in #4004
- X509 asn1 refactor by @jmayclin in #4011
- fix: open files with the O_CLOEXEC flag by @toidiu in #3989
- test(bindings/s2n-tls-tokio): fix tokio bindings close test by @jmayclin in #4007
- fix(api/unstable): make all api methods visible by @jmayclin in #4015
- nix: add an Openssl102 nix devShell by @dougch in #4014
- Fix s2n_error_get_type mistake in usage guide by @lrstewart in #4022
- Publish minimal s2n_config APIs and add documentation by @goatgoose in #3972
- Only call getenv for integ test marker in s2n_init by @lrstewart in #4025
- Disable retry client random validation outside of tests by @lrstewart in #4023
- fix: improve compatibility with old Linux versions by @camshaft in #4027
Full Changelog: v1.3.44...v1.3.45
Release: v1.3.44
Weekly release for May 09 2023
What's Changed
- Fix end-of-data behavior by @lrstewart in #3945
- Add logging for failed CRT tests by @lrstewart in #3962
- Cover more situations where no close_notify is sent/received by @lrstewart in #3957
- chore[bindings]: release 0.0.30 by @toidiu in #3956
- chore: remove module.modulemap by @toidiu in #3961
- Add API to create s2n_configs without loading system certs by @goatgoose in #3950
- Add new API to perform half-close by @lrstewart in #3952
- Add test for cipher selection with dh params by @lrstewart in #3974
- style: clean up fuzz corpus by @jmayclin in #3971
- Only Rust LTO with GCC by @justsmth in #3968
- docs: update clang-format and gdb documentation by @jmayclin in #3967
- s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypto by @riverszhang89 in #3966
- Use custom library context for rc4 instead of global default context by @lrstewart in #3980
- Add 32 bit buildspec by @jmayclin in #3977
- test: fix session-ticket, non-blocking-io tests on 32 bit by @jmayclin in #3969
New Contributors
- @riverszhang89 made their first contribution in #3966
Full Changelog: v1.3.43...v1.3.44
Release: v1.3.43
Weekly release for April 27 2023
What's Changed
- docs: add compliance notes for RFC 6125 by @camshaft in #3915
- test: add retry logic for well-known endpoints by @camshaft in #3918
- chore(bindings): release 0.0.29 by @camshaft in #3919
- test: Bump nix devShell python to 3.10 by @dougch in #3914
- Attempts to fix flakiness in session_ticket_test by @maddeleine in #3913
- Create new PQ TLS Policies with minimum of TLSv1.2 by @alexw91 in #3927
- doc: Flesh out steps in nix readme. by @dougch in #3923
- Add note about server_name spec requirements by @lrstewart in #3930
- ci: Update AWSLC test dependency to v1.8.0 by @goatgoose in #3938
- Adds FAQ doc by @maddeleine in #3920
- Remove unnecessary flush by @lrstewart in #3940
- update security policy and rust binding documentation by @jmayclin in #3906
- ci: Add github stale action by @goatgoose in #3929
- Add test to verify TLS1.2 downgrade by @aditishri18 in #3939
- Reinstate Kyber KEM check by @WillChilds-Klein in #3905
- Don't send close_notify after an alert by @lrstewart in #3942
- Update IO section of Usage Guide by @lrstewart in #3917
- Add basic half-close TLS1.3 behavior by @lrstewart in #3932
- bindings: add verify_host_callback to the connection by @toidiu in #3925
- ci: Add AWSLC-FIPS 2022 to CI by @goatgoose in #3943
- add 32 bit cross-compile toolchain by @jmayclin in #3924
- ci: Disable automatically closing stale PRs by @goatgoose in #3946
- Fix expected negotiated version in client auth downgrade test by @goatgoose in #3951
Full Changelog: v1.3.42...v1.3.43