Name: | gnutls-dane |
---|---|
Epoch: | 10 |
Version: | 3.6.16 |
Release: | 8.el8_9.3_fips |
Architecture: | aarch64 |
Group: | System Environment/Libraries |
Size: | 70520 |
License: | GPLv3+ and LGPLv2+ |
RPM: | gnutls-dane-3.6.16-8.el8_9.3_fips.aarch64.rpm |
Source RPM: | gnutls-3.6.16-8.el8_9.3_fips.src.rpm |
Build Date: | Fri Apr 12 2024 |
Build Host: | build-ol8-aarch64.oracle.com |
Vendor: | Oracle America |
URL: | http://www.gnutls.org/ |
Summary: | A DANE protocol implementation for GnuTLS |
Description: | GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. This package contains library that implements the DANE protocol for verifying TLS certificates through DNSSEC. |
- Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526] - Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526] - Change Epoch from 1 to 10_fips
- Fix memleak with older GMP (RHEL-28957)
- Fix timing side-channel in deterministic ECDSA (RHEL-28957)
- auth/rsa-psk: minimize branching after decryption (RHEL-21586)
- auth/rsa_psk: side-step potential side-channel (RHEL-16753)
- Clear server's session ticket indication at rehandshake (#2089817)
- Fix x86_64 CPU feature detection when AVX is not available (#2131152) - Fix timing side-channel in TLS RSA key exchange (#2162598)
- Fix double-free in gnutls_pkcs7_verify (#2109788)
- p11tool: Document ID reuse behavior when importing certs (#1776250)
- Treat SHA-1 signed CA in the trusted set differently (#1965445)