mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-28 05:29:48 +00:00
efadb98a29
This release fixes CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs are not affected by this. Some of additional fixes, features and functionality: * GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted in private key info objects; GOST3412-2015 has been added to the JCE provider and the lightweight API. * SCRYPT is now supported as a SecretKeyFactory in the provider and in the PKCS8 APIs. * The BCJSSE provider now supports Server Name Indication, session resumption in clients, the jdk.tls.namedGroups and org.bouncycastle.jsse.ec.disableChar2 system properties. * ECGOST-2012 public keys were being encoded with the wrong OID for the digest parameter in the algorithm parameter set. This has been fixed. * The BCJSSE SSLEngine implementation now correctly wraps/unwraps application data only in whole records. Further details on other additions and bug fixes can be found in the release notes at: https://www.bouncycastle.org/releasenotes.html Security: CVE-2017-13098 |
||
---|---|---|
.. | ||
files | ||
distinfo | ||
Makefile | ||
pkg-descr | ||
pkg-plist |