Release: v1.5.16
Weekly release for April 03 2025
Release summary:
- Tightening the session ticket lifetime is considered a behavior change, though we don’t expect it to have an impact. The potential impact is a minor decrease in the number of session tickets sent to clients in TLS 1.2 connections, which may translate to a decrease in the number of resumed handshakes. Look for handshakes of type “NEGOTIATED:WITH_SESSION_TICKET” in your logs to determine the precise number of handshakes that will no longer send session tickets. #5217
- Adds s2n_connection_get_key_exchange_group for getting the negotiated named group. #5209
- Deprecates experimental TLS 1.2 PQ security policies. This does not affect ML-KEM or any use of standard TLS 1.3 PQ. #5194
- Fixes a handshake message length integer overflow in s2n_handshake_finish_header. #5206
What's Changed
- ci: add libcrypto openssl-3.0-fips to integ tests by @lrstewart in #5202
- ci: add openssl-3.0-fips to asan build properly by @lrstewart in #5204
- fix: handshake message length integer overflow in s2n_handshake_finish_header by @boquan-fang in #5206
- chore: deprecate s2n_set by @jmayclin in #5155
- chore: binding release 0.3.14 by @maddeleine in #5210
- Remove PQ TLS 1.2 from all Security Policies by @alexw91 in #5194
- ci: exclude new setuptools by @jmayclin in #5215
- fix: Update README.md to include Rust bindings docs by @maddeleine in #5212
- feat: add s2n_connection_get_key_exchange_group by @WesleyRosenblum in #5209
- chore: bindings release 0.3.15 by @jmayclin in #5221
- ci: add openssl-3.0-fips to valgrind by @johubertj in #5211
- docs: fix openssl-3.0-fips provider requirements documentation by @lrstewart in #5214
- refactor(bindings): use implicit linking for aws-lc by @jmayclin in #5218
- fix: tighten session ticket lifetime by @CarolYeh910 in #5217
- ci: Fix cppcheck build by @goatgoose in #5238
- refactor: implement match the same for all pkeys by @lrstewart in #5224
- ci: add openssl-3.0-fips to general batch by @lrstewart in #5207
- refactor: add evp pkey size/encrypt/decrypt methods by @lrstewart in #5225
- feat(bindings): expose certificate match api by @johubertj in #5220
- ci: add ruff linting by @johubertj in #5182
Full Changelog: v1.5.15...v1.5.16