This release introduces a few new features. First, it adds support for the Brainpool Elliptic Curves (and their use in SSL ciphersuites) as defined in the new RFC 7027. After all the talk about possible involvement of the NSA in the NIST curves, we wanted to offer an alternative as soon as possible. As far as we know this is the first library to release a version with support for these curves that are not influenced by NIST or the NSA.
In addition we have added support for the ECDHE-PSK and RSA-PSK ciphersuites. We already had all the base components and we have now added full support for the SSL key exchanges. These can be enabled with POLARSSL_KEY_EXCHANGE_ECDHE_PSK and POLARSSL_KEY_EXCHANGE_RSA_PSK.
RSA blinding has been changed to lock a smaller portion of code and the TLS compression code in the SSL layer now only allocates a single buffer per connection.
For better compatibility support for
readdir_r() on non-Windows systems can be indicated with POLARSSL_HAVE_READDIR_R and config.h has been adapted to allow better use in scripts to enable / disable options.
A large number of fixes have been done to reduce warnings when using the MSVC compilers. Numerous fixes have been done to prevent errors and warnings and fix a possible naming collision in dhm_context.
Who should update
Our advice for all users of PolarSSL is to update to this branch!
Get your copy here: polarssl-1.3.1-gpl.tgz
The hashes for polarssl-1.3.1-gpl.tgz are:
SHA-1 : b33856a1b2f736b18a49a20d48986bce6b3133f5 SHA-256: b60d59c24d3744e5c16121054bfdac5615bffb19974ee7e0c1964eeb481612b3