Releases: mirleft/ocaml-tls
1.0.4
1.0.3
1.0.2
1.0.1
CHANGES:
- tls-miou-unix: fix file descriptor leak (#508 @dinosaure)
- tls-miou-unix: fix fuzz test (#507 @dinosaure)
1.0.0
CHANGES:
- API breaking change: remove usage of Cstruct.t inside of TLS, use bytes
  and string instead (#497 by @art-w, @hannesm, @dinosaure, @reynir)
  Performance is up to 3x improved (bandwidth), 2x improvement for handshake/s
  on an Intel Core(TM) i7-5600U CPU @ 2.60GHz
- FEATURE: add tls-miou-unix package, which adds miou support for TLS
  (#494 #503 @dinosaure)
- FEATURE: tls-lwt and tls-async: allow TLS over an existing connection
    Tls_lwt.client_of_channels : Tls.Config.client -> ?host:[`host] Domain_name.t -> Lwt_io.input_channel * Lwt_io.output_channel -> t Lwt.t
  and
    Tls_lwt.server_of_channels : Tls.Config.server -> Lwt_io.input_channel * Lwt_io.output_channel -> t Lwt.t
  (#499 @art-w @MisterDA)
- API breaking changes: revise errors - reduce the polymorphic variant
  in size, align it with RFC specified errors, be in parts more precise
  about errors, in other parts skip data (#505, @hannesm - fixes #491)
  NB: if you relied on a specific error constructor, please open an issue
- Remove unused constructors from Packet.{alert_type, compression_methods,
  client_certificate_type, extension_type} (#505, @hannesm)
  NB: if you relied on specific constructors, please open an issue
- API breaking change: Tls.Config.{server,client} now return a result
  type instead of raising an exception (#502, @hannesm, fixes #411)
- FEATURE: add bench/speed.exe, a benchmark for bandwidth (for different
  ciphersuites) and handshakes (different key exchanges and private keys)
  (#500 @hannesm @dinosaure @reynir)
- BUGFIX: tests/feedback.exe update with TLS 1.3 semantics, run as test
  (#501, @hannesm - reported by @dinosaure)
0.17.5
CHANGES:
- tls: documentation: clarify send_application_data (#492 @reynir)
- BUGFIX: tls: export_key_material was wrong for the server side on TLS 1.3,
  reported in robur-coop/miragevpn#181 by @reynir, fix in #495 @hannesm
- FEATURE: tls: add channel_binding (RFC 5929, RFC 9266) support (tls_unique,
  tls_exporter, tls_server_endpoint), requested by @Neustradamus in #484, added
  in #496 by @hannesm
0.17.4
CHANGES:
- tls: handle half-closed connection properly: a received CLOSE_NOTIFY does not
  lead to a CLOSE_NOTIFY to be sent (a send_close_notify sends it explicitly)
  (#488 @hannesm)
- tls: modify return type of handle_tls - the Alert is now in the right hand
  side, and `Eof is explicit in the second part of the tuple (#488 @hannesm)
- tls: remove can_handle_appdata, the function handshake_in_progress is
  available (#488 @hannesm)
- tls-mirage: avoid exceptions in reneg and rekey (#487 @hannesm)
- tls: remove HEARTBEAT decoding - HEARTBEAT was never supported in this
  library, the decoder was superfluous (#487 @hannesm)
- tls-mirage: provide underlying : flow -> FLOW.flow (#487 @hannesm,
  fixes #425 @dinosaure)
- tls-mirage: implement mirage-flow 4 API (val shutdown) (#488 @hannesm)
- tls-eio: adapt to half-closed connections (#488 @talex5)
- tls-eio: implement Eio.Resource.Close (#489 @paurkedal, reviewed by @talex5)
0.17.3
CHANGES:
- tls: provide Engine.export_key_material, which implements RFC 5705 (and 8446)
  TLS EKM (#482 @hannesm)
- tls: fix protocol_version in Engine.epoch (TLS 1.3 always pretended TLS 1.0)
  (#482 @hannesm)
- tls: add the side (`Client or `Server) to epoch_data (#482 @hannesm)
- BREAKING tls: Engine.epoch - return result instead of custom variant
  (#483 @hannesm)