With the recent new attack on RC4 ciphersuites, in combination with the existing BEAST and similar attacks, some applications benefit from having different ciphersuite preferences depending on the SSL / TLS protocol version used. This release adds the ability to specify the allowed ciphersuite per protocol version with
The default key size for the Cipher layer definitions of the Blowfish cipher has been changed to 128 bits. In order to prevent compilation issues on the Raspberry Pi, the larger test suites have been chopped up into smaller subsets.
A fix for the ARM assembly in the MPI module for specific compilers / arguments is included. The GCM module has been 'fixed' to allow sizes over 2^29 bytes in length.
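A self-contained C model of the per-protocol-version ciphersuite preference this release note describes, added here as an illustration; it is not PolarSSL code and does not use the library's API. The two preference lists, the function names and the sample client offer are assumptions; the ciphersuite ids are the IANA-registered values.

```c
#include <stddef.h>
#include <stdio.h>

/* IANA-registered ciphersuite ids */
#define TLS_RSA_WITH_RC4_128_SHA     0x0005
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035

/* Minor version on the wire (major is 3): SSL 3.0 = 0 ... TLS 1.2 = 3 */
enum { MINOR_SSL3 = 0, MINOR_TLS1_0 = 1, MINOR_TLS1_1 = 2, MINOR_TLS1_2 = 3 };

/* Assumed policy for illustration: BEAST targets CBC suites up to TLS 1.0,
 * so RC4 is listed first there; TLS 1.1+ uses explicit IVs for CBC, so AES
 * is listed first and the biased RC4 last. Lists are zero-terminated. */
static const int pref_upto_tls10[] = { TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 0 };
static const int pref_from_tls11[] = { TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, 0 };

/* Constructed sample: what a client might offer in its ClientHello. */
static const int sample_offer[] = { TLS_RSA_WITH_AES_128_CBC_SHA,
                                    TLS_RSA_WITH_RC4_128_SHA };

/* Return the preference list for a negotiated minor version, or NULL. */
static const int *prefs_for_minor(int minor)
{
    if (minor < MINOR_SSL3 || minor > MINOR_TLS1_2)
        return NULL;
    return (minor <= MINOR_TLS1_0) ? pref_upto_tls10 : pref_from_tls11;
}

/* Server-preference selection: the first suite in the list for the
 * negotiated version that the client also offered; 0 if there is none. */
int select_ciphersuite(int minor, const int *offered, size_t n_offered)
{
    const int *prefs = prefs_for_minor(minor);
    if (prefs == NULL || offered == NULL)
        return 0;
    for (size_t i = 0; prefs[i] != 0; i++)
        for (size_t j = 0; j < n_offered; j++)
            if (offered[j] == prefs[i])
                return prefs[i];
    return 0;
}

int main(void)
{
    for (int minor = MINOR_SSL3; minor <= MINOR_TLS1_2; minor++)
        printf("minor %d -> 0x%04X\n", minor,
               (unsigned)select_ciphersuite(minor, sample_offer, 2));
    return 0;
}
```

The same client offer yields a different suite once the negotiated version moves from TLS 1.0 to TLS 1.1, which is the behaviour a single global preference list cannot express.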
Who should update
Our advice for users of the PolarSSL 1.2 branch is to update:
- if your code runs on an ARM platform
- if your application needs protocol version specific preferences for ciphersuites
Get your copy here: polarssl-1.2.7-gpl.tgz
The hashes for polarssl-1.2.7-gpl.tgz are:
SHA-1 : 7c3eb56312b3dcaa8edf08d10fcc5cb94f7f6606
SHA-256: d64c2d1247f93cdeb884bd3706dfddffc636634bbf81d3772af750d5b5191328