ANNOUNCE: PureTLS 0.9b5

Eric Rescorla ekr at rtfm.com
Thu Jun 2 12:25:33 EDT 2005 

ANNOUNCE: PureTLS version 0.9b5
Copyright (C) 1999-2005 Claymore Systems, Inc.

http://www.rtfm.com/puretls

DESCRIPTION
PureTLS is a free Java-only implementation of the SSLv3 and TLSv1
(RFC2246) protocols. PureTLS was developed by Eric Rescorla for
Claymore Systems, Inc, but is being distributed for free because we
believe that basic network security is a public good and should be a
commodity. PureTLS is licensed under a Berkeley-style license, which
basically means that you can do anything you want with it, provided
that you give us credit.

This is a beta release of PureTLS. Although it has undergone a fair
amount of testing and is believed to operate correctly, it no doubt contains 
significant bugs, which this release is intended to shake out. Please
send any bug reports to the author at <ekr at rtfm.com>.

CHANGES FROM B4
* SECURITY: Zero OPTIONAL values before parsing. This prevents 
  bleedthrough of those values from previously parsed certificates
  into certificates where they are missing. This is a workaround for a 
  bug in the Cryptix ASN.1 kit.

  The only relevant values are Extensions and Algorithm.Parameters.
  In practice this should not be a problem with Algorithm.Parameters
  Since they're NULL in RSA certificates and always present in real 
  DSA certificates. If you rely on Extensions you should upgrade
  as soon as possible.

  Note: extensions processing is still only partially tested (see
  below). 

* Trim all leading zeros from DH shared keys. This fixes a rare
  compatibility problem.

* Fix handling of pathLen constraints. We were off by one, causing
  some valid certificates to be rejected.


We believe that this is the best version of PureTLS available.  Users
are advised to upgrade as soon as possible. In particular, if you rely
on X.509 extension processing you should upgrade as soon as possible.

This will most likely be the last release of PureTLS distributed 
as a standalone package by Claymore Systems. We have given
the BouncyCastle (http://www.bouncycastle.org) permission to
integrate the PureTLS source code with their library and
we expect them to deliver an integrated system in the future.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list