ANNOUNCE: PureTLS version 0.9b3

Eric Rescorla ekr at rtfm.com
Wed Oct 16 20:36:22 EDT 2002


http://www.rtfm.com/puretls

Claymore Systems is pleased to announce the availability of
PureTLS version 0.9b3. 

DESCRIPTION
PureTLS is a free Java-only implementation of the SSLv3 and TLSv1
(RFC2246) protocols. PureTLS was developed by Eric Rescorla for
Claymore Systems, Inc, but is being distributed for free because we
believe that basic network security is a public good and should be a
commodity. PureTLS is licensed under a Berkeley-style license, which
basically means that you can do anything you want with it, provided
that you give us credit.

This is a beta release of PureTLS. Although it has undergone a fair
amount of testing and is believed to operate correctly, it no doubt contains 
significant bugs, which this release is intended to shake out. Please
send any bug reports to the author at <ekr at rtfm.com>.



MAJOR CHANGES FROM BETA 2
* SECURITY: Improved Bleichenbacher (Million-Message Attack) protection
  (only relevant for servers)

* Improved certificate checking, including:
    	Basic Constraints (CA certificates only)
	Key Usage (CA certificates only)
	Validity Dates

* Allow clients to continue if client auth is requested but no cert available.
* Fixed RSASignature to avoid a 1/255 chance of generating a bad signature.
* Tightened up a lot of checks for bad protocol data to improve error
  reporting.
* Many bug fixes.


We believe that this is the best version of PureTLS available.  Users
are advised to upgrade as soon as possible. Server users using RSA
should upgrade to get the improved Bleichenbacher protection.


AVAILABILITY
PureTLS can be found at:
http://www.rtfm.com/puretls

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list