Botan News

1.9.7: SSLv2 handshakes, SEED TLS suites, Comb4P

Botan 1.9.7 has been released, offering new TLS features and a new method of combining hash functions.

Some 14 years after the first introduction of SSLv3, and years of known security problems in the SSLv2 protocol, some applications still send SSLv2 client hellos in order to negotiate with SSLv2-only servers. These client hellos are now correctly handled by botan's SSL/TLS code. Note that SSLv2 is not and will not be supported; the only change here is that SSL/TLS client hellos packaged as an SSLv2 hello are processed.

SEED is a South Korean block cipher whose use with TLS is specified in RFC 4269. This release of botan adds support for the TLS SEED ciphersuites.

A new method of combining two hash functions is now available - Comb4P, which is described in Robust Multi-Property Combiners for Hash Functions Revisited, by Marc Fischlin, Anja Lehmann and Krzysztof Pietrzak. The paper describes a way of combining two n-bit hash functions to produce a 2n-bit output that preserves the collision resistance and PRF properties of the two hashes. This may be useful in applications which are very concerned about hash functions being broken; for instance it allows use of both SHA-512 and Skein-512, so that as long as at least one of them remains unbroken, the combination also remains unbroken.
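As an added illustration (not Botan's own code), the following sketches the Comb4P construction from the paper: both hashes are run over the message, and the pair of digests is pushed through a three-round Feistel network whose round functions are built from both hashes. The one-byte message and round tags are assumed encodings that need not match Botan's implementation, and SHA3-512 stands in for Skein-512 since Python's hashlib does not provide Skein.

```python
import hashlib
from typing import Callable

Hash = Callable[[bytes], bytes]   # an n-byte hash function

def sha512(m: bytes) -> bytes:
    return hashlib.sha512(m).digest()

def sha3_512(m: bytes) -> bytes:  # stand-in for Skein-512 (not in hashlib)
    return hashlib.sha3_512(m).digest()

def broken_hash(m: bytes) -> bytes:  # models a completely broken hash: constant output
    return bytes(64)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(h0: Hash, h1: Hash, i: int, x: bytes) -> bytes:
    # Round function f_i(x) = H0(<i> || x) XOR H1(<i> || x); the one-byte
    # round tag is an assumed encoding, not necessarily Botan's.
    tag = bytes([i])
    return _xor(h0(tag + x), h1(tag + x))

def comb4p(h0: Hash, h1: Hash, msg: bytes, rounds: int = 3) -> bytes:
    """Combine two n-byte hashes into a 2n-byte digest.

    1. hash the (tag-prefixed) message with both functions, giving (L, R);
    2. push (L, R) through a 3-round Feistel network whose round functions
       use both hashes. A Feistel network is a permutation, so the output
       carries all of H0(M) and H1(M): a collision in comb4p requires a
       collision in both underlying hashes at once.
    """
    left, right = h0(b"\x00" + msg), h1(b"\x00" + msg)
    if len(left) != len(right):
        raise ValueError("Comb4P needs two hashes of equal output length")
    for i in range(1, rounds + 1):
        left, right = right, _xor(left, _round_fn(h0, h1, i, right))
    return left + right

def feistel_invert(h0: Hash, h1: Hash, digest: bytes, rounds: int = 3):
    """Undo the Feistel layer to recover (H0(0||M), H1(0||M)) from a digest.
    Only useful as a check that the layer really is a permutation."""
    n = len(digest) // 2
    left, right = digest[:n], digest[n:]
    for i in range(rounds, 0, -1):
        left, right = _xor(right, _round_fn(h0, h1, i, left)), left
    return left, right
```

Pairing `broken_hash` with a sound hash shows the robustness property: distinct messages still produce distinct digests, because the sound hash's output survives the permutation intact.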

A bug in the checking of 'raw'-encoded signatures was fixed; verifying a message with leading zero bytes would always fail, even if the signature was valid. This is not security critical, as it only caused valid signatures to be rejected (there was no risk of invalid signatures being accepted as a result of this bug). However, using raw (unhashed, unpadded) signature inputs is prone to many different problems and should be avoided if at all possible.

Posted 2010/04/27 in releases
