OpenConnect 4.03 release

David Woodhouse dwmw2 at infradead.org
Mon Jul 2 07:03:15 EDT 2012


Some compatibility fixes for GnuTLS — we need to advertise TLSv1 not
SSLv3 in the ClientHello, and we also need to support old cipher suites
like RC4-MD5 because that's all that some servers will permit.

There's also a fix for the MTU handling in the upcoming GnuTLS 3.0.21
release — we were relying on buggy behaviour of GnuTLS and now we're
more robust. And another MTU-related fix for the fact that we confusing
the MTU that we *requested* from the server, and the MTU that it
subsequently *told* us to use.

This release adds support for more types of encrypted OpenSSL PEM file
(although 3DES is the common one, which was already supported in 4.00).

Finally, Tiago Vignatti provided a fix to the --no-proxy option which
has been lacking a 'break' in the switch statement and falling through
to the subsequent option, ever since we first introduced it.

ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz
ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz.asc

David Woodhouse (7):
      Improve cipher coverage of OpenSSL encrypted PEM support for GnuTLS
      Remove hard-coded table of ciphers for PEM decryption
      Advertise TLS1.0 not SSL3.0 in GnuTLS ClientHello
      Fix GnuTLS DTLS MTU for GnuTLS 3.0.21 and above
      Separate requested from received MTU settings
      Update changelog
      Tag version 4.03

Tiago Vignatti (1):
      Fix --no-proxy option

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120702/dc922103/attachment.bin>


More information about the openconnect-devel mailing list