- Update from version 3.4.1 to 3.5.0
- Update of rootfile
- The changelog mentions some potentially significant or incompatible changes. From the
description they don't seem to be ones that would not work with IPFire but I will
look at evaluating the new version in my vm testbed and reporting back.
- Changelog
3.5.0
This release incorporates the following potentially significant or incompatible
changes:
Default encryption cipher for the req, cms, and smime applications
changed from des-ede3-cbc to aes-256-cbc.
The default TLS supported groups list has been changed to include and
prefer hybrid PQC KEM groups. Some practically unused groups were removed
from the default list.
The default TLS keyshares have been changed to offer X25519MLKEM768 and
and X25519.
All BIO_meth_get_*() functions were deprecated.
This release adds the following new features:
Support for server side QUIC (RFC 9000)
Support for 3rd party QUIC stacks including 0-RTT support
Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
A new configuration option no-tls-deprecated-ec to disable support for
TLS groups deprecated in RFC8422
A new configuration option enable-fips-jitter to make the FIPS provider
to use the JITTER seed source
Support for central key generation in CMP
Support added for opaque symmetric key objects (EVP_SKEY)
Support for multiple TLS keyshares and improved TLS key establishment group
configurability
API support for pipelining in provided cipher algorithms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / mfischer / ipfire-2.x.git / commit
