I-OpenBSD Project Developers ukukhishwa kwe-edishini ephathekayo yephakheji , lapho kuthuthukiswa khona imfoloko ye-OpenSSL, okuhloswe ngayo ukunikeza izinga eliphezulu lokuphepha. Iphrojekthi ye-LibreSSL igxile ekusekelweni kwekhwalithi ephezulu kwezivumelwano ze-SSL/TLS ngokususa ukusebenza okungadingekile, ukwengeza izici zokuphepha ezengeziwe, nokuhlanza ngokuphawulekayo nokusebenza kabusha isisekelo sekhodi. Ukukhishwa kwe-LibreSSL 3.2.0 kuthathwa njengokukhishwa kokuhlola okuthuthukisa izici ezizofakwa ku-OpenBSD 6.8.
Izici ze-LibreSSL 3.2.0:
- Uhlangothi lweseva lunikwe amandla ngokuzenzakalela ngaphezu kwengxenye yeklayenti ehlongoziwe ngaphambilini. Ukuqaliswa kwe-TLS 1.3 yakhelwe phezu kwesisekelo somshini omusha kahulumeni kanye nesistimu engaphansi yokusebenza ngamarekhodi. I-OpenSSL TLS 1.3 API ehambisanayo ayikatholakali, kodwa izinketho ezihlobene ne-TLS 1.3 zengeziwe kumyalo we-openssl.
- Kusistimu engaphansi yokucubungula amarekhodi, ukuhlolwa kosayizi wenkambu ye-TLS 1.3 kuthuthukisiwe futhi isexwayiso siyaboniswa uma imikhawulo yeqiwa.
- Iseva ye-TLS iqinisekisa ukuthi amagama osokhaya avumelekile kuphela ku-SNI athobelana nezimfuneko ze-RFC 5890 ne-RFC 6066 ayacutshungulwa.
- Ukuqaliswa kwe-TLS 1.3 kwengeze usekelo lwemodi ye-SSL_MODE_AUTO_RETRY ukuze ithumele kabusha ngokuzenzakalelayo imilayezo yezingxoxo zokuxhuma.
- Iseva ye-TLS 1.3 kanye neklayenti bengeze usekelo lokuthumela izicelo zokuhlolwa kwesitifiketi kusetshenziswa isandiso (impendulo ye-OCSP egunyazwe isiphathimandla sokunikeza izitifiketi idluliswa iseva esebenzela isayithi lapho ixoxisana ngoxhumo lwe-TLS).
- Uma i-I/O inikwe amandla ngokuzenzakalela, i-SSL_MODE_AUTO_RETRY inikwa amandla, efana nokukhishwa okusha kwe-OpenSSL.
- Kwengezwe ukuhlolwa kokuhlehla okususelwe ku .
- Umyalo we-"openssl x509" unikeza inkomba yedethi engalungile yokuphelelwa yisikhathi kwesitifiketi.
- I-TLS 1.3 ene-RSA ivumela kuphela amasiginesha edijithali ye-PSS.
Source: opennet.ru