I-OpenBSD Project Developers
Izici ze-LibreSSL 3.2.0:
- Uhlangothi lweseva lunikwe amandla ngokuzenzakalela
I-TLS 1.3 ngaphezu kwengxenye yeklayenti ehlongoziwe ngaphambilini. Ukuqaliswa kwe-TLS 1.3 yakhelwe phezu kwesisekelo somshini omusha kahulumeni kanye nesistimu engaphansi yokusebenza ngamarekhodi. I-OpenSSL TLS 1.3 API ehambisanayo ayikatholakali, kodwa izinketho ezihlobene ne-TLS 1.3 zengeziwe kumyalo we-openssl. - Kusistimu engaphansi yokucubungula amarekhodi, ukuhlolwa kosayizi wenkambu ye-TLS 1.3 kuthuthukisiwe futhi isexwayiso siyaboniswa uma imikhawulo yeqiwa.
- Iseva ye-TLS iqinisekisa ukuthi amagama osokhaya avumelekile kuphela ku-SNI athobelana nezimfuneko ze-RFC 5890 ne-RFC 6066 ayacutshungulwa.
- Ukuqaliswa kwe-TLS 1.3 kwengeze usekelo lwemodi ye-SSL_MODE_AUTO_RETRY ukuze ithumele kabusha ngokuzenzakalelayo imilayezo yezingxoxo zokuxhuma.
- Iseva ye-TLS 1.3 kanye neklayenti bengeze usekelo lokuthumela izicelo zokuhlolwa kwesitifiketi kusetshenziswa isandiso
I-OCSP yokunamathisela (impendulo ye-OCSP egunyazwe isiphathimandla sokunikeza izitifiketi idluliswa iseva esebenzela isayithi lapho ixoxisana ngoxhumo lwe-TLS). - Uma i-I/O inikwe amandla ngokuzenzakalela, i-SSL_MODE_AUTO_RETRY inikwa amandla, efana nokukhishwa okusha kwe-OpenSSL.
- Kwengezwe ukuhlolwa kokuhlehla okususelwe ku
tlsfuzzer . - Umyalo we-"openssl x509" unikeza inkomba yedethi engalungile yokuphelelwa yisikhathi kwesitifiketi.
- I-TLS 1.3 ene-RSA ivumela kuphela amasiginesha edijithali ye-PSS.
Source: opennet.ru