* Sun Nov 17 2013 p.drouand@gmail.com
- Update to version 0.4.6
+ **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
to a closed connection. This inherits from socket.error, so should
interact better with SocketServer (see http://bugs.python.org/issue14574)
and other things expecting a socket.error in this situation.
+ Added support for RC4-MD5 ciphersuite (if enabled in settings)
This is allegedly necessary to connect to some Internet servers.
+ Added TLSConnection.unread() function
+ Switched to New-style classes (inherit from 'object')
+ Minor cleanups
- Changes from 0.4.5
+ release engineering problem, skipped!
- Changes from 0.4.4
+ Added Python 3 support
+ Added NPN client support
+ Switched to RC4 as preferred cipher
faster in Python, avoids "Lucky 13" timing attacks
+ Fixed bug when specifying ciphers for anon ciphersuites
+ Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
(this function is not used for TLS currently, and this tolerance may
not even be necessary)
- Remove useless CFLAGS definition
- Remove redundant %clean section
* Tue Nov 13 2012 jfunk@funktronics.ca
- Update to 0.4.3:
* Minor bugfix (0.4.2 doesn't load tackpy)
- 0.4.2 - 9/25/2012
* Updated TACK (compatible with tackpy 0.9.9)
* Wed May 23 2012 jfunk@funktronics.ca
- Update to 0.4.1
* Fixed RSA padding bugs (w/help from John Randolph)
* Updated TACK (compatible with tackpy 0.9.7)
* Added SNI
* Added NPN server support (Sam Rushing/Google)
* Added AnonDH (Dimitris Moraitis)
* Added X509CertChain.parsePemList
* Improved XML-RPC (Kees Bos)
* Mon Feb 13 2012 jfunk@funktronics.ca
- Update spec to reflect current conventions
- Update to 0.4.0:
- Fixed pycrypto support
- Fixed python 2.6 problems
- 0.3.9.x - 2/7/2012
- Much code cleanup, in particular decomposing the handshake functions so
they are readable. The main new feature is support for Convergence TACK,
an experimental authentication method that provides a new way to pin
server certificates (See https://github.com/moxie0/Convergence/wiki/TACK ).
- Security Fixes
- Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated
Client Hello. Does not support renegotiation (never has).
- Change from e=3 to e=65537 for generated RSA keys, not strictly
necessary but mitigates risk of sloppy verifier.
- 1/(n-1) countermeasure for BEAST.
- Behavior changes:
- Split cmdline into tls.py and tlstest.py, improved options.
- Formalized LICENSE.
- Defaults to closing socket after sending close_notify, fixes hanging.
problem that would occur sometime when waiting for other party's
close_notify.
- Update SRP to RFC 5054 compliance.
- Removed client handshake "callbacks", no longer support the SRP
re-handshake idiom within a single handshake function.
- Bugfixes
- Added hashlib support, removes Deprecation Warning due to sha and md5.
- Handled GeneratorExit exceptions that are a new Python feature, and
interfere with the async code if not handled.
- Removed:
- Shared keys (it was based on an ancient I-D, not TLS-PSK).
- cryptlib support, it wasn't used much, we have enough other options.
- cryptoIDs (Convergence TACK is better).
- win32prng extension module, as os.urandom is now available.
- Twisted integration (unused?, slowed down loading).
- Jython code (ancient, didn't work).
- Compat support for python versions < 2.7.
- Additions
- Support for Convergence TACK via TACKpy.
- Support for CertificateRequest.certificate_authorities ("reqCAs")
- Added TLSConnection.shutdown() to better mimic socket.
- Enabled Session resumption for XMLRPCTransport.
* Fri Feb 19 2010 jfunk@funktronics.ca
- Use --record-rpm
- Build as noarch
- Split off doc package
* Wed Aug 23 2006 James Oakley <jfunk@funktronics.ca> - 0.3.8-3
- Set prefix
* Tue Jul 25 2006 James Oakley <jfunk@funktronics.ca> - 0.3.8-2
- Build under build service
* Thu Dec 01 2005 James Oakley <jfunk@funktronics.ca> - 0.3.8-1
- Initial release