v0.13.0
CHANGES:
- Remove static RSA and CBC ciphersuites from default configuration. The
default configuration now includes FFDHE and ECDHE key exchanges with RSA or
ECDSA/EdDSA certificates, and AEAD ciphers
(AES-GCM, AES-CCM, ChaCha20-Poly1305) (#429 by @hannesm) - Remove SHA1 from signature_algorithms in the default configuration
(#429 by @hannesm) - Support ECDSA and EdDSA certificates and private keys via x509 0.12.0 and
mirage-crypto-ec (#428 by @hannesm)
Breaking changes:- the second part of type Tls.Config.certchain is now a X509.Private_key.t
(previously Mirage_crypto_pk.Rsa.priv) - the type aliases X509_lwt.priv and X509_lwt.authenticator have been removed
- the second part of type Tls.Config.certchain is now a X509.Private_key.t
- Use mirage-crypto-ec instead of fiat-p256 and hacl_x25519 for elliptic curve
support - this adds P384 and P521 ECDH support (#428 by @hannesm) - Remove custom Monad implementation, use Result and Rresult instead
(#429 by @hannesm) - Remove Utils.Cs submodule, use Cstruct API instead (#429 by @hannesm)
- Breaking: Tls.Engine.ret type is now a result instead of a custom variant type
(#429 by @hannesm) - Breaking: Tls_lwt.Unix.epoch results in (Tls.Core.epoch_data, unit) result -
it was a custom error type previously (#429 by @hannesm)