deadsimple BSD Security Advisories and Announcements

LibreSSL 2.6.1 released

We have released LibreSSL 2.6.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the second
development release from the 2.6 series, which will eventually be part of
OpenBSD 6.2. It includes the following changes:

 * Added a "-T tlscompat" option to nc(1), which enables the use of all
   TLS protocols and "compat" ciphers. This allows for TLS connections
   to TLS servers that are using less than ideal cipher suites, without
   having to resort to "-T tlsall" which enables all known cipher
   suites.  Diff from Kyle J. McKay.

 * Added a new TLS extension handling framework, somewhat analogous to
   BoringSSL, and converted all TLS extensions to use it. Added new TLS
   extension regression tests.

 * Improved and added many new manpages. Updated *check_private_key
   manpages with additional cautions regarding their use.

 * Cleaned up the EC key/curve configuration handling.

 * Added tls_config_set_ecdhecurves() to libtls, which allows the names
   of the elliptic curves that may be used during client and server
   key exchange to be specified.

 * Converted more code paths to use CBB/CBS.

 * Removed support for DSS/DSA, since we removed the cipher suites a
   while back.

 * Removed NPN support. NPN was never standardised and the last draft
   expired in October 2012. ALPN was standardised in July 2014 and has
   been supported in LibreSSL since December 2014. NPN was also
   removed from Chromium in May 2016.

 * Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
   CryptoPro clients.

 * Removed support for the TLS padding extension, which was added as a
   workaround for an old bug in F5's TLS termination handling.

 * Worked around another bug in F5's TLS termination handling of the
   elliptic curves extension. RFC 4492 only defines elliptic_curves
   for ClientHello. However, F5 is sending it in ServerHello.  We need
   to skip over it since our TLS extension parsing code is now more
   strict. Thanks to Armin Wolfermann and WJ Liu for reporting.

 * Added ability to clamp notafter values in certificates for systems
   with 32-bit time_t. This is necessary to conform to RFC 5280.

 * Implemented the SSL_CTX_set_min_proto_version(3) API.

 * Removed the original (pre-IETF) chacha20-poly1305 cipher suites.

 * Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
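
The ServerHello workaround from the change list above, as an added example
(not LibreSSL's code and not part of the original announcement): a strict
extension parser that rejects anything outside an allowlist but skips
elliptic_curves (type 10) without using its contents. The allowlist, function
name, return codes and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Extension numbers from the IANA TLS ExtensionType registry. */
enum { EXT_SERVER_NAME = 0, EXT_ELLIPTIC_CURVES = 10, EXT_EC_POINT_FORMATS = 11,
       EXT_ALPN = 16, EXT_RENEGOTIATION_INFO = 0xff01 };
enum { EXT_MALFORMED = -1, EXT_UNEXPECTED = -2, EXT_DUPLICATE = -3 };

/* Assumed allowlist of extensions this toy client accepts in a ServerHello. */
static const uint16_t allowed[] = { EXT_SERVER_NAME, EXT_EC_POINT_FORMATS,
                                    EXT_ALPN, EXT_RENEGOTIATION_INFO };
#define N_ALLOWED (sizeof(allowed) / sizeof(allowed[0]))

/* Constructed inputs: 2-byte total length, then type/length/data records. */
static const uint8_t curves_in_sh[] = { 0x00,0x0e, 0x00,0x0b,0x00,0x02,0x01,0x00,
    0x00,0x0a,0x00,0x04,0x00,0x02,0x00,0x17 }; /* ec_point_formats, elliptic_curves */
static const uint8_t padding_in_sh[] = { 0x00,0x04, 0x00,0x15,0x00,0x00 }; /* type 21 */
static const uint8_t overlong[] = { 0x00,0x06, 0x00,0x0b,0x00,0x05,0x01,0x00 };

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Returns the number of elliptic_curves records skipped, or a negative error. */
int parse_server_hello_exts(const uint8_t *buf, size_t len)
{
    unsigned seen = 0, type;        /* seen: bit i set once allowed[i] was parsed */
    size_t off = 2, dlen, i;
    int skipped = 0;

    if (len < 2 || rd16(buf) != len - 2)
        return EXT_MALFORMED;       /* declared total must match exactly */
    while (off < len) {
        if (len - off < 4)
            return EXT_MALFORMED;   /* truncated record header */
        type = rd16(buf + off);
        dlen = rd16(buf + off + 2);
        off += 4;
        if (dlen > len - off)
            return EXT_MALFORMED;   /* data runs past the block */
        off += dlen;
        if (type == EXT_ELLIPTIC_CURVES) {
            skipped++;              /* ClientHello-only in RFC 4492: skip, never use */
            continue;
        }
        for (i = 0; i < N_ALLOWED && allowed[i] != type; i++)
            ;
        if (i == N_ALLOWED)
            return EXT_UNEXPECTED;  /* strict: anything else is an error */
        if (seen & (1u << i))
            return EXT_DUPLICATE;
        seen |= 1u << i;
    }
    return skipped;
}
```

The exception is keyed to a single extension type and still goes through the
same length checks, so tolerating it does not loosen parsing for anything else.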