Bude BSD Masu Haɓakawa saki na fakitin šaukuwa , wanda a cikinsa ake haɓaka cokali mai yatsa na OpenSSL, da nufin samar da babban matakin tsaro. Aikin LibreSSL yana mayar da hankali ne akan babban goyon baya ga ka'idodin SSL/TLS ta hanyar cire ayyukan da ba dole ba, ƙara ƙarin fasalulluka na tsaro, da mahimmancin tsaftacewa da sake yin aiki da tushe na lambar. Ana ɗaukar sakin LibreSSL 3.2.0 a matsayin sakin gwaji wanda ke haɓaka fasalulluka waɗanda za a haɗa su cikin OpenBSD 6.8.
Siffofin LibreSSL 3.2.0:
- An kunna gefen uwar garke ta tsohuwa ban da bangaren abokin ciniki da aka gabatar a baya. Ana aiwatar da aiwatar da TLS 1.3 akan sabon injin jiha da tsarin ƙasa don aiki tare da bayanan. API ɗin OpenSSL TLS 1.3 mai jituwa bai wanzu ba tukuna, amma an ƙara zaɓuɓɓuka masu alaƙa da TLS 1.3 zuwa umarnin openssl.
- A cikin tsarin sarrafa rikodin, an inganta girman filin TLS 1.3 kuma ana nuna gargadi idan an wuce iyaka.
- Sabar TLS tana tabbatar da cewa kawai ingantattun sunayen baƙi a cikin SNI waɗanda suka dace da buƙatun RFC 5890 da RFC 6066 ana sarrafa su.
- Ayyukan TLS 1.3 sun ƙara goyan baya ga yanayin SSL_MODE_AUTO_RETRY don sake aika saƙonnin shawarwarin haɗi kai tsaye.
- Sabar TLS 1.3 da abokin ciniki sun ƙara goyan baya don aika buƙatun duba matsayin takaddun shaida ta amfani da tsawo (amsar OCSP da aka ba da izini ta hanyar takaddun shaida ana watsa shi ta hanyar uwar garken da ke hidimar rukunin yanar gizon lokacin yin shawarwarin haɗin TLS).
- Lokacin da aka kunna I/O ta tsohuwa, an kunna SSL_MODE_AUTO_RETRY, kama da sabbin abubuwan da aka saki na OpenSSL.
- An ƙara gwaje-gwajen koma baya bisa ga .
- Umurnin "openssl x509" yana ba da alamar kwanan wata karewa takardar shaidar da ba daidai ba.
- TLS 1.3 tare da RSA yana ba da damar sa hannun dijital na PSS kawai.
source: budenet.ru