Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump tlslite-ng from 0.8.0a44 to 0.8.2 #1888

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump tlslite-ng from 0.8.0a44 to 0.8.2 #1888

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 22, 2025

Bumps tlslite-ng from 0.8.0a44 to 0.8.2.

Release notes

Sourced from tlslite-ng's releases.

v0.8.2

  • Additional test vectors for the RSA implicit rejection mechanism
  • fix negotiation of TLS 1.2 Brainpool group IDs in TLS 1.3

v0.8.1

  • apply checks to ec_point_formats extension only when negotiating TLS 1.2 or earlier (Ganna Starovoytova)

v0.8.0

  • DEPRECATION NOTICE: camelCase method and argument names are considered now deprecated, ones that use underscore_separator are now the primary ones (the procedure to support it is not yet finished, but any new code must follow this new style and new deprecations will be introduced as time goes on. Please run your test suite with -Wd to see where the depracated calls are being made, the python standard DeprecationWarning will be emited there)
  • Python 3.2, 3.3, and 3.4 is not supported any more (dropped by python-ecdsa)
  • fix compatibility issue with 8192 bit SRP group from RFC 5054
  • fix CVE-2018-1000159 - incorrect verification of MAC in MAC then Encrypt mode
  • workaround CVE-2020-26263 - Bleichenbacher oracle in RSA decryption. Please note that while the code was fortified, because of peculiarities of python, it's not possible to fully fix it. If you require resistance against side-channel attacks please use a different library.
  • fix Python_RSAKey multithreading support - performing private key operation in two threads at the same time could make all future calls return incorrect results
  • Python 3.7 support (async is now a keyword) (Pierre Ståhl)
  • Python 3.8 test suite compatibility
  • Python 3.9 support (slight changes in imaplib caused our wrapper to stop working)
  • Compatibility with M2Crypto on Python 3
  • fix Python 2 comaptibility issue with X.509 DER parsing (Erkki Vahala)
  • TLS 1.3
    • final RFC 8446 support
    • TLS 1.3 specific ciphers (AES-GCM, AES-CCM, AES-CCM8 and Chacha20)
    • TLS 1.3 specific extensions and extension code points
    • 1-RTT handshake mode
    • HelloRetryRequest support
    • PSK with (EC)DH key exchange
    • pure PSK
    • session resumption in TLS 1.3 using PSK tickets
    • padding support (Stanislav Zidek)
    • 0-RTT handshake tolerance (the early data will be ignored but handshake will succeed)
    • cookie extension
    • downgrade sentinels in ServerHello.random
    • TLS Keying Material Exporter support in TLS 1.3 (Simo Sorce)
    • client certificate support (Simo Sorce)
    • KeyUpdate support
    • post-handshake key authentication
  • fix minor compatibility issue with Jython2.7 (Filip Goldefus)

... (truncated)

Commits
  • c93df82 release 0.8.2
  • ef3b623 Merge pull request #541 from tlsfuzzer/rsa-test-vectors
  • 821811e require specific ubuntu version for py3.7
  • 36dcaae zero padded and 4096 with second to last length
  • c03847e More 4096 bit vectors
  • b95f6c0 reformat the 3072 and 4096 tests to follow the draft, add few examples
  • aa0d560 update 2049 bit RSA test vectors for implicit rejection
  • b6a3c71 more test vectors for the 2049 bit RSA key
  • 6bd403a Merge pull request #539 from tlsfuzzer/no-brainpool-in-tls1.3
  • ecc8441 don't negotiate legacy brainpool IDs in TLS 1.3
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump tlslite-ng from 0.8.0a44 to 0.8.2
fc347c5 
Bumps [tlslite-ng](https://github.com/tlsfuzzer/tlslite-ng) from 0.8.0a44 to 0.8.2.
- [Release notes](https://github.com/tlsfuzzer/tlslite-ng/releases)
- [Commits](tlsfuzzer/tlslite-ng@v0.8.0-alpha44...v0.8.2)

---
updated-dependencies:
- dependency-name: tlslite-ng
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 22, 2025
@dependabot dependabot bot mentioned this pull request Jan 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants