With the recent new attack on RC4 ciphersuites, in combination with the existing BEAST and similar attacks, some applications benefit from having different ciphersuite preferences depending on the SSL / TLS protocol version used. This release adds the ability to specify the allowed ciphersuites per protocol version with ssl_set_ciphersuites_for_version().
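The following is an added example, not PolarSSL code: a self-contained C model of how per-version preference lists change the suite a server picks for the same client offer. The helper name choose_suite, the three lists and the policy they encode are assumptions for illustration; the numeric identifiers are the IANA ciphersuite values.

```c
#include <stdio.h>
#include <stddef.h>

/* IANA ciphersuite identifiers. */
#define RSA_RC4_128_SHA        0x0005
#define RSA_AES_128_CBC_SHA    0x002F
#define RSA_AES_256_CBC_SHA    0x0035
#define RSA_AES_128_GCM_SHA256 0x009C

/* Minor version numbers on the wire: 3.0 = SSLv3 ... 3.3 = TLS 1.2. */
enum { MINOR_SSL3 = 0, MINOR_TLS10 = 1, MINOR_TLS11 = 2, MINOR_TLS12 = 3 };

/* Illustrative policy (an assumption, not taken from the release notes):
 * BEAST affects CBC suites up to TLS 1.0, so RC4 stays first there;
 * from TLS 1.1 on RC4 is not offered, and GCM exists only in TLS 1.2.
 * Each list is zero-terminated. */
static const int pref_legacy[] = { RSA_RC4_128_SHA, RSA_AES_128_CBC_SHA, 0 };
static const int pref_tls11[]  = { RSA_AES_256_CBC_SHA, RSA_AES_128_CBC_SHA, 0 };
static const int pref_tls12[]  = { RSA_AES_128_GCM_SHA256, RSA_AES_256_CBC_SHA,
                                   RSA_AES_128_CBC_SHA, 0 };
static const int *prefs_by_minor[4] = { pref_legacy, pref_legacy, pref_tls11, pref_tls12 };

/* Return the first suite in this version's server list that the client
 * also offered, or 0 when there is no overlap or the version is unknown. */
int choose_suite(int minor, const int *offered, size_t n_offered)
{
    if (minor < MINOR_SSL3 || minor > MINOR_TLS12)
        return 0;
    for (const int *p = prefs_by_minor[minor]; *p != 0; p++)
        for (size_t i = 0; i < n_offered; i++)
            if (offered[i] == *p)
                return *p;
    return 0;
}

int main(void)
{
    /* Constructed client offer, in the client's own order. */
    const int offer[] = { RSA_AES_128_CBC_SHA, RSA_RC4_128_SHA, RSA_AES_128_GCM_SHA256 };
    for (int minor = MINOR_SSL3; minor <= MINOR_TLS12; minor++)
        printf("3.%d -> 0x%04X\n", minor, (unsigned)choose_suite(minor, offer, 3));
    return 0;
}
```

A client that offers only RC4 gets no suite at TLS 1.1 or 1.2 under this policy, which is the handshake failure to expect when RC4 is dropped for the newer versions.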
The default keysize for the Cipher layer definitions of the Blowfish cipher has been changed to 128 bits. In order to prevent compilation issues on the Raspberry Pi, the larger test suites have been chopped up into smaller subsets.
A fix for the ARM assembly in the MPI module for specific compilers / arguments is included. The GCM module has been 'fixed' to allow sizes over 2^29 bytes in length.
Who should update
Our advice for users of the PolarSSL 1.2 branch is to update:
- if your code runs on an ARM platform
- if your application needs protocol version specific preferences for ciphersuites