Release Summary
- Add a new public API, s2n_client_hello_get_random(), and move client_random storage from the connection to the s2n_client_hello struct so applications can retrieve the client random from a parsed ClientHello.
- Allow multiple application contexts to be set on a s2n-tls connection.
- Warning level TLS alerts may now be non-fatal prior to version negotiation
- Added support for Security Policies to have "strongly preferred" SupportedGroups.
What's Changed
- feat: add client hello random getter by @kaukabrizvi in #5620
- chore: Rust bindings release 0.3.30 by @dougch in #5633
- chore: s2n-tls-hyper version bump by @jouho in #5636
- build(deps): bump the all-gha-updates group across 1 directory with 2 updates by @dependabot[bot] in #5640
- feat: add rfc9151 compat policies by @jouho in #5615
- feat: improve performance of getting validated cert chain from libcrypto by @CarolYeh910 in #5622
- feat: additional rfc9151 compat policy without sha1 hmac by @jouho in #5645
- test: add test certs for cert intent validation by @CarolYeh910 in #5630
- test(integv2): remove dynamic record sizing test and related cleanup by @kaukabrizvi in #5644
- feat: add additional application context into Connection by @boquan-fang in #5637
- chore(bindings-release): s2n-tls v0.3.31 release by @boquan-fang in #5649
- fix: allow for warning level TLS alerts prior to version negotiation by @WesleyRosenblum in #5646
- test(integration): add mTLS integration tests by @kaukabrizvi in #5638
- feat: Ability to set "strongly preferred" groups by @alexw91 in #5634
- refactor(tls-harness): use single test pair IO to allow for decryption by @jmayclin in #5648
Full Changelog: v1.6.1...v1.6.2
Contributors
alexw91, dependabot, and 7 other contributors