[Haskell-cafe] heads-up: tls v2.0.0
Kazu Yamamoto (山本和彦)
kazu at iij.ad.jp
Fri Jan 19 01:21:56 UTC 2024

Hello guys,

I'm planning to release the "tls" package v2.0.0 probably within one
month. It removes TLS 1.0/1.1 and provides only TLS 1.2/1.3 with safe
cipher suites according to recent RFCs and internet-drafts.

This version does not change the default usage. But if you are using
custom parameters, you might have to modify your code. This breaking
change is *intentional* to notify users that they are using vulnerable
versions and/or parameters.

Attached is the current change log.

--Kazu

## Version 2.0.0

* `tls` now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
* Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
* Security: BREAKING CHANGE: all CBC cipher suites are removed.
* Security: BREAKING CHANGE: RC4 and 3DES are removed.
* Security: BREAKING CHANGE: DSS (digital signature standard) is removed.
* Security: BREAKING CHANGE: TLS 1.2 servers require
  EMS (extended master secret) by default.
* BREAKING CHANGE: the package is now compiled with `Strict` and `StrictData`.
* BREAKING CHANGE: Many data structures are re-defined with
  `PatternSynonyms` for extensibility.
* BREAKING CHANGE: the structure of `SessionManager` is changed
  to support session tickets.
* API: `handshake` can receive an alert of client authentication failure
  for TLS 1.3
  [#463](https://github.com/haskell-tls/hs-tls/pull/463)
* API: `bye` can receive NewSessionTicket for TLS 1.3
* Channel binding: `getFinished` and `getPeerFinished` are deprecated.
  Use `getTLSUnique` instead.
* Channel binding: `getTLSExporter` and `getTLSServerEndPoint` are provided.
  [#462](https://github.com/haskell-tls/hs-tls/pull/462)
* Refactoring: the monolithic `handshake` is divided to follow
  the diagram of TLS 1.2 and 1.3 for readability.
* Refactoring: test cases are refactored for maintainability
  and readability. `hspec` is used instead of `tasty`.
* Code format: `fourmolu` is used as an official formatter.
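
The following is an added example, not part of the original post and not code from the `tls` package: a small stand-alone audit that checks a list of configured protocol versions and IANA-style cipher suite names against the removals listed in the change log above. The type and function names (`Removal`, `versionRemovals`, `suiteRemovals`, `audit`), the version labels, and the sample configuration are all assumptions made for the illustration; it uses only `base` and does not call the `tls` API.

```haskell
module Main (main) where

import Data.List (isInfixOf)

-- Removal categories, one per "Security: BREAKING CHANGE" item that removes
-- a protocol version or algorithm family in the 2.0.0 change log.
data Removal = OldProtocol | CBC | RC4 | TripleDES | DSS
  deriving (Eq, Show)

-- Protocol labels as written in the change log (an assumption of this
-- example; adapt to however your configuration spells versions).
versionRemovals :: String -> [Removal]
versionRemovals v = [OldProtocol | v `elem` ["TLS 1.0", "TLS 1.1"]]

-- Name-based match on IANA-style suite names. A suite can hit several
-- categories, e.g. 3DES suites are also CBC suites.
suiteRemovals :: String -> [Removal]
suiteRemovals name = [r | (r, tag) <- tags, tag `isInfixOf` name]
  where
    tags = [(CBC, "_CBC_"), (RC4, "_RC4_"), (TripleDES, "_3DES_"), (DSS, "_DSS_")]

-- Keep only the configured items that fall under at least one removal.
audit :: [String] -> [String] -> [(String, [Removal])]
audit versions suites =
  filter (not . null . snd) $
    [(v, versionRemovals v) | v <- versions]
      ++ [(s, suiteRemovals s) | s <- suites]

-- Constructed sample configuration, not taken from any real deployment.
sampleVersions :: [String]
sampleVersions = ["TLS 1.0", "TLS 1.2", "TLS 1.3"]

sampleSuites :: [String]
sampleSuites =
  [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  , "TLS_RSA_WITH_AES_128_CBC_SHA"
  , "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
  , "TLS_RSA_WITH_RC4_128_SHA"
  , "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
  ]

main :: IO ()
main = mapM_ report (audit sampleVersions sampleSuites)
  where
    report (item, why) = putStrLn (item ++ ": removed in 2.0.0 " ++ show why)
```

An item that is not reported only means its name matched none of the families listed in the change log; it does not establish that `tls` 2.0.0 accepts it.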