[17323] in cryptography@c2.net mail archive
ANNOUNCE: PureTLS 0.9b5
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Thu Jun 2 18:28:55 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: ietf-tls@lists.certicom.com, cryptography@metzdowd.com
Date: Thu, 02 Jun 2005 09:25:33 -0700
From: Eric Rescorla <ekr@rtfm.com>
ANNOUNCE: PureTLS version 0.9b5
Copyright (C) 1999-2005 Claymore Systems, Inc.
http://www.rtfm.com/puretls
DESCRIPTION
PureTLS is a free Java-only implementation of the SSLv3 and TLSv1
(RFC2246) protocols. PureTLS was developed by Eric Rescorla for
Claymore Systems, Inc, but is being distributed for free because we
believe that basic network security is a public good and should be a
commodity. PureTLS is licensed under a Berkeley-style license, which
basically means that you can do anything you want with it, provided
that you give us credit.
This is a beta release of PureTLS. Although it has undergone a fair
amount of testing and is believed to operate correctly, it no doubt contains
significant bugs, which this release is intended to shake out. Please
send any bug reports to the author at <ekr@rtfm.com>.
CHANGES FROM B4
* SECURITY: Zero OPTIONAL values before parsing. This prevents
bleedthrough of those values from previously parsed certificates
into certificates where they are missing. This is a workaround for a
bug in the Cryptix ASN.1 kit.
The only relevant values are Extensions and Algorithm.Parameters.
In practice this should not be a problem with Algorithm.Parameters
Since they're NULL in RSA certificates and always present in real
DSA certificates. If you rely on Extensions you should upgrade
as soon as possible.
Note: extensions processing is still only partially tested (see
below).
* Trim all leading zeros from DH shared keys. This fixes a rare
compatibility problem.
* Fix handling of pathLen constraints. We were off by one, causing
some valid certificates to be rejected.
We believe that this is the best version of PureTLS available. Users
are advised to upgrade as soon as possible. In particular, if you rely
on X.509 extension processing you should upgrade as soon as possible.
This will most likely be the last release of PureTLS distributed
as a standalone package by Claymore Systems. We have given
the BouncyCastle (http://www.bouncycastle.org) permission to
integrate the PureTLS source code with their library and
we expect them to deliver an integrated system in the future.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
