The first version of the new feature branch 1.3 is now released as PolarSSL version 1.3.0! This branch brings a number of major new features, internal changes, bug fixes and security fixes.
We made separate articles on all the new features in PolarSSL 1.3.0 and how to migrate from the PolarSSL 1.2 branch to the PolarSSL 1.3 branch.
Check it out and let us know if you run into any issues!
One major feature that has been added is Elliptic Curve cryptography and the support for the ECDHE-RSA and ECDHE-ECDSA ciphersuites, X509 certificates and reading and writing of keys.
In addition the Pre-shared key ciphersuites based on PSK and DHE-PSK have both been added to the core. Allowing us to provide even smaller footprint for SSL/TLS binaries.
A memory allocation abstraction layer and threading abstraction layer have been added to make it even easier to integrate PolarSSL with existing embedded Operating Systems or bare-metal systems.
The X509 writing module now supports generating X509 certificates and using Certificate Signing Requests (CSR).
Furthermore the entire codebase has been split up further to allow more granular control over what features and code should be present in your binary.
And more. Check out the article on new features in PolarSSL 1.3.0 for more details.
The internals of a lot of modules have undergone reconstruction and have resulted in some changes to the existing API. More details on the changes you can expect can be found in the article on migrating from the PolarSSL 1.2 branch to the PolarSSL 1.3 branch.
The SHA2 module has been renamed to SHA256 and the SHA4 module has been renamed to SHA512 in light of the official release of SHA-3.
You now have the ability to really disable specific SSL / TLS protocol versions. Thus allowing you to reduce the code size and prevent attacks on those protocol version.
Ciphersuites now have their own representation and are all located inside the ssl_ciphersuites module. It is now very easy to add your own custom ciphersuites, based on existing primitives, without needing to add any code except for a ciphersuite definition.
Most OID's and search / translate functionality has been moved inside a separate OID database module to create cleaner code in the original modules.
And more. Details can be found in the ChangeLog.
Minor memory leaks, file descriptor leaks and other fixes in uncommon scenarios have been fixed.
This release fixes a remote timing attack that can potentially recover the RSA private key (Security Advisory 2013-05).
Who should update
Our advice for all users of PolarSSL is to update to this branch!
Get your copy here: polarssl-1.3.0-gpl.tgz
The hashes for polarssl-1.3.0-gpl.tgz are:
SHA-1 : 498ab9df99dd1add999a4e95d4d3c5412b0d1b23 SHA-256: ab4dd4099e77e3432f0d18af32c4a7fd7ea9b7c4bdfa57852dc6cf5d2262f836