BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.3.0 Released

We have released LibreSSL 2.3.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is the first snapshot based on the development OpenBSD 5.9
branch. As such, it is likely to change more compared to the stable
2.2.x and 2.1.x branches. The ABI/API for the LibreSSL 2.3.x series
will be declared stable around March 2016.
See http://www.libressl.org/releases.html for more details.

As in previous releases, LibreSSL 2.3.0 removes more unsafe or
obsolete algorithms and protocols. To help in the transition, we have
begun tracking some of the more common software that needs patches or
new releases in order to build properly without these removed features.
See http://www.libressl.org/patches.html for information.

Notable features in this release:

  * SSLv3 is now permanently removed from the tree.

  * The libtls API is changed from the 2.2.x series:

    The tls_read/write functions now work better with external event
    libraries. See the tls_init man page for examples of using libtls
    correctly in asynchronous mode.

    Client-side verification is now supported, with the client supplying
    the certificate to the server.

    Also, when using tls_connect_fds, tls_connect_socket or
    tls_accept_fds, libtls no longer implicitly closes the passed in
    sockets. The caller is responsible for closing them in this case.

  * When loading a DSA key from a raw (without DH parameters) ASN.1
    serialization, perform some consistency checks on its `p' and `q'
    values, and return an error if the checks fail.

    Thanks to Georgi Guninski (guninski at guninski dot com) for
    mentioning the possibility of a weak (non prime) q value and
    providing a test case.

    See
    https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
    for a longer discussion.

  * Fixed a bug in ECDH_compute_key that can lead to silent truncation
    of the result key without error. A coding error could cause software
    to use much shorter keys than intended.

  * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
    longer supported.

  * The engine command and parameters are removed from openssl(1).
    Previous releases removed dynamic and builtin engine support
    already.

  * SHA-0 is removed, which was withdrawn shortly after publication 20
    years ago.

  * Added Certplus CA root certificate to the default cert.pem file.

  * New interface OPENSSL_cpu_caps is provided that does not allow
    software to inadvertently modify cpu capability flags.
    OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.

  * The out_len argument of AEAD changed from ssize_t to size_t.

  * Deduplicated DTLS code, sharing bugfixes and improvements with
    TLS.

  * Converted 'nc' to use libtls for client and server operations; it is
    included in the libressl-portable distribution as an example of how
    to use the libtls library. This is intended to be a simpler and more
    robust replacement for 'openssl s_client' and 'openssl s_server' for
    day-to-day operations.

The LibreSSL project continues improvement of the codebase to reflect
modern, safe programming practices. We welcome feedback and improvements
from the broader community. Thanks to all of the contributors who helped
make this release possible. Special thanks to FreeBSD's Bernard Spil and
the OpenBSD Ports team, who have been instrumental through the SSLv3
transition.