v0.13.0

@hannesm hannesm released this 14 Apr 09:38
· 165 commits to main since this release
f9dd61f

CHANGES:

  • Remove static RSA and CBC ciphersuites from default configuration. The
    default configuration now includes FFDHE and ECDHE key exchanges with RSA or
    ECDSA/EdDSA certificates, and AEAD ciphers
    (AES-GCM, AES-CCM, ChaCha20-Poly1305) (#429 by @hannesm)
  • Remove SHA1 from signature_algorithms in the default configuration
    (#429 by @hannesm)
  • Support ECDSA and EdDSA certificates and private keys via x509 0.12.0 and
    mirage-crypto-ec (#428 by @hannesm)
    Breaking changes:
    • the second part of type Tls.Config.certchain is now an X509.Private_key.t
      (previously Mirage_crypto_pk.Rsa.priv)
    • the type aliases X509_lwt.priv and X509_lwt.authenticator have been removed
  • Use mirage-crypto-ec instead of fiat-p256 and hacl_x25519 for elliptic curve
    support - this adds P384 and P521 ECDH support (#428 by @hannesm)
  • Remove custom Monad implementation, use Result and Rresult instead
    (#429 by @hannesm)
  • Remove Utils.Cs submodule, use Cstruct API instead (#429 by @hannesm)
  • Breaking: Tls.Engine.ret type is now a result instead of a custom variant type
    (#429 by @hannesm)
  • Breaking: Tls_lwt.Unix.epoch results in (Tls.Core.epoch_data, unit) result -
    it was a custom error type previously (#429 by @hannesm)