2 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
schmonz
|
d73cc2524a |
Update to 0.4.9. From the commit log:
- Fix IndexError on junk message (CVE-2015-3220).
- Fix unit-test failure (disable sha256 mac if maxversion < 1.2)
- Merge pull request #98 from davidben/chromium-patches-2
- Fix bug in SRP hashing.
- Merge pull request #106 from tomato42/name-fixes-trevp
- rename description_name
- rename level_name
- rename type_name
- rename cert_types
- rename _server_extensions
- rename _universal_extensions
- rename host_names
- rename server_names
- rename server_type
- rename ext_data
- rename ext_type
- Merge pull request #104 from tomato42/sni-fix
- fix parsing server side server_name extension
- travis.yml: follow redirects, debugging info logging
- Correctly enforce cipher suite version constraints.
- Fix Fault-based test framework.
- Fix client auth for TLS 1.2.
- If ignoreAbrubtClose is set, write failures don't break sessions.
- Fix CertificateRequest initialization.
- Merge pull request #93 from tomato42/gitignore
- ignore coverage html output folder
- Merge pull request #88 from tomato42/handshakesettings-fixes
- promote HandshakeSettings._getCertificateTypes to public
- add check for interdependance of minKeySize and maxKeySize
- unit tests for HandshakeSettings
- promote HandshakeSettings._filter() to public
- adding acknowledgements
- Merge pull request #87 from davidben/chromium-patches-1
- Apply minimal padding.
- Implement FALLBACK_SCSV.
- Fix #! line in httpsserver.sh.
- Fix executable bits on files.
- Merge pull request #86 from tomato42/tests-with-deps-3
- Merge pull request #85 from tomato42/clienthello-tests
- remove BadNextProtos
- test ClientHello.parse with SSLv2 ClientHello
- Fix compatibility issues with pycrypto and gmpy
- fix setting ClientHello.server_name multiple times
- clientHello.supports_npn test
- ClientHello.tack test
- ClientHello.srp_username test
- Merge pull request #84 from tomato42/messages-tests
- test coverage for getExtension and certificate_types
- test coverage for Alert
- Fix test failure on OSX.
- Adding acknowledgements for Mirko.
- Merge pull request #83 from MirkoDziadzka/session-cache
- remove unneeded import
- add tests to reproduce the problem
- fix session cache problem
- Merge pull request #82 from tomato42/test-coverage
- RecordHeader3 test coverage
- test coverage to RecordHeader2
- Trying this coveralls things for test coverage.
- Merge pull request #80 from tomato42/coverage
- add coverage checks to test-dev
- measure coverage in travis-ci
- Merge pull request #78 from tomato42/test-intermediate-10
- add check for code style
- Merge pull request #77 from tomato42/merged-2
- fix all problems with tests
- Merge pull request #68 from tomato42/fix-6568ad9
- fix bug introduced in 6568ad9
- Merge pull request #57 from tomato42/test-intermediate-3
- run tests for every commit in pull request or push [v2]
- make-based tests
- Merge pull request #54 from tomato42/revert-53-test-intermediate
- Revert "More detailed CI"
- Merge pull request #53 from tomato42/test-intermediate
- run tests for every commit in pull request or push
- Merge pull request #51 from tomato42/python26-fix
- add unittest2 import
- Trying travis
- Merge pull request #43 from tomato42/tests-fixes
- Merge pull request #46 from tomato42/cleanup
- don't pollute global namespace with `sieve` temporary variable
- characterisation tests for isPrime
- don't pollute global namespace with `length`
- Merge pull request #45 from tomato42/test-coverage-2
- fix pylint reported formatting issues
- fix missing import in tlslite.extensions
- better test coverage for TACKExtension
- don't use explicit short-circuit in compare
- better test coverage for __eq__ in TLSExtension
- remove duplicate check
- unit tests compatibility with Python2.6
- run self tests using both python2 and python3
- python 2.7.9 compatibility
- change certificate to self signed
- strict is deprecated and removed in 3.4
- deal with unclean socket shutdown
- Merge pull request #40 from tomato42/debugging-aids
- Merge pull request #42 from tomato42/docstring
- fix addExtension docstring
- add __repr__ to ClientHello
- add __str__ to ClientHello
- add __repr__ support to Alert
- add __str__ support to Alert
- add __repr__ to extensions
- add __repr__ to ServerHello
- add __str__ to ServerHello
- add __repr__ to RecordHeader3
- add __str__ handling to RecordHeader3
- Merge pull request #37 from tomato42/server-extensions-4
- Merge pull request #38 from tomato42/parsePEMKey-fixes
- be more precise in naming libraries
- make comment more descriptive in OpenSSL_RSAKey.parse()
- make OpenSSL wrapper handle PKCS#8 files
- characterisation tests for parsePEMKey
- Merge pull request #36 from tomato42/comments
- use extension parsers and serialisers in server hello
- convert server hello to using extensions list
- implement server side version of TACK extension
- fix typo in ClientHello docs
- remove some code duplication in ClientHello
- don't use reserved keyword for name of ServerName type field
- extend note about backwards compatibility for certificate_types
- extend extension handler to ServerHello extensions
- implement server side version of cert type extension
- add tests for cert_type and NPN ServerHello extensions
- Merge branch 'writer-fixes' of git://github.com/tomato42/tlslite-1 into tomato42-writer-fixes
- Merge pull request #34 from tomato42/new-extensions-3
- raise exception when overflowing integers
- Writer characterisation tests
- rename tlsextension to extensions
- harmonise get_extension method name with other method names
- tests for the new extensions variable
- use array to store ClientHello extensions
- make TLSExtension parse() into a factory function
- implement the ClientHello version of cert_type extension
- implement SRP extension
- implement NextProtocolNegotiation extension
- codec: method to return remaining buffer size
- implement class for ServerNameIndication extension
- add class handling generic TLS Extensions
- Merge pull request #32 from tomato42/client-hello-ext-parser-tests
- add parser tests for extensions in ClientHello
- clean up also in unit_tests directory
- Merge pull request #30 from tomato42/epydoc-fixes
- Merge pull request #31 from tomato42/parser-fixes
- fix getFixBytes boundary checking
- add characterisation tests for Parser
- add graphs to generated documentation
- add docs/ directory to .gitignore
- add test for epydoc to test-dev target
- fix epydoc warnings
- Merge pull request #29 from tomato42/test-suite-2
- ServerHello unit tests
- simple unit tests for ClientHello class (v3)
- remove dead code
|
||
schmonz
|
be479d7f14 |
Update to 0.4.8. From the changelog:
0.4.8 - 11/12/2014
- Added more acknowledgements and security considerations

0.4.7 - 11/12/2014
- Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
- Don't offer SSLv3 by default (e.g. POODLE)
- Fixed bug with PyCrypto_RSA integration
- Fixed harmless bug that added non-prime into sieves list
- Added "make test" and "make test-dev" targets (Hubert Kario)

0.4.5 - 3/20/2013
- **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing to a closed connection. This inherits from socket.error, so should interact better with SocketServer (see http://bugs.python.org/issue14574) and other things expecting a socket.error in this situation.
- Added support for RC4-MD5 ciphersuite (if enabled in settings)
  - This is allegedly necessary to connect to some Internet servers.
- Added TLSConnection.unread() function
- Switched to New-style classes (inherit from 'object')
- Minor cleanups

0.4.4 - 2/25/2013
- Added Python 3 support (Martin von Loewis)
- Added NPN client support (Marcelo Fernandez)
- Switched to RC4 as preferred cipher
  - faster in Python, avoids "Lucky 13" timing attacks
- Fixed bug when specifying ciphers for anon ciphersuites
- Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
  - (this function is not used for TLS currently, and this tolerance may not even be necessary)

0.4.3 - 9/27/2012
- Minor bugfix (0.4.2 doesn't load tackpy)

0.4.2 - 9/25/2012
- Updated TACK (compatible with tackpy 0.9.9)

0.4.1 - 5/22/2012
- Fixed RSA padding bugs (w/help from John Randolph)
- Updated TACK (compatible with tackpy 0.9.7)
- Added SNI
- Added NPN server support (Sam Rushing/Google)
- Added AnonDH (Dimitris Moraitis)
- Added X509CertChain.parsePemList
- Improved XML-RPC (Kees Bos)

0.4.0 - 2/11/2012
- Fixed pycrypto support
- Fixed python 2.6 problems

0.3.9.x - 2/7/2012
Much code cleanup, in particular decomposing the handshake functions so they are readable. The main new feature is support for TACK, an experimental authentication method that provides a new way to pin server certificates (See https://github.com/moxie0/Convergence/wiki/TACK ).

Also:
- Security Fixes
  - Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated Client Hello. Does not support renegotiation (never has).
  - Change from e=3 to e=65537 for generated RSA keys, not strictly necessary but mitigates risk of sloppy verifier.
  - 1/(n-1) countermeasure for BEAST.
- Behavior changes:
  - Split cmdline into tls.py and tlstest.py, improved options.
  - Formalized LICENSE.
  - Defaults to closing socket after sending close_notify, fixes hanging problem that would occur sometime when waiting for other party's close_notify.
  - Update SRP to RFC 5054 compliance.
  - Removed client handshake "callbacks", no longer support the SRP re-handshake idiom within a single handshake function.
- Bugfixes
  - Added hashlib support, removes Deprecation Warning due to sha and md5.
  - Handled GeneratorExit exceptions that are a new Python feature, and interfere with the async code if not handled.
- Removed:
  - Shared keys (it was based on an ancient I-D, not TLS-PSK).
  - cryptlib support, it wasn't used much, we have enough other options.
  - cryptoIDs (TACK is better).
  - win32prng extension module, as os.urandom is now available.
  - Twisted integration (unused?, slowed down loading).
  - Jython code (ancient, didn't work).
  - Compat support for python versions < 2.7.
- Additions
  - Support for TACK via TACKpy.
  - Support for CertificateRequest.certificate_authorities ("reqCAs")
  - Added TLSConnection.shutdown() to better mimic socket.
  - Enabled Session resumption for XMLRPCTransport.
|