[Botan-announce] Botan 2.5.0 released

Jack Lloyd jack at randombit.net
Mon Apr 2 10:08:14 EDT 2018

I'm happy to announce the release of Botan 2.5.0

This release fixes one security issue, a bug in handling of wildcard
certificates (CVE-2018-9127). A wildcard certificate could be used for hosts
other than those it was intended for, though they must still be in the same
domain. A arbitrary prefix before the wildcard portion was accepted, for example
a certificate for ``foo*.example.net`` would be accepted as matching the host
``notfoobar.example.net``. This bug was introduced in 2.2.0.

There are many performance improvements in this release, especially in the ECC
operations. ECDSA signatures are roughly ten times faster than in 2.4. Other ECC
operations are 2-4 times faster. Non-ECC public key algorithms were also
improved: DSA is 30-50% faster, RSA is 20-30% faster, and DH is 15-30% faster.

New TLS features include support for RSA-PSS signatures, support for using
custom extensions, and support for negotiating custom elliptic curves.

Other new features include Ed25519 certificates, support for POWER AES
instructions, support for multiple DNS names in certificates, and a new
algorithm for generating safe primes which is 10s of times faster. Many other
smaller features and bug fixes are documented in the release notes.

Download at

SHA-256 b8a31fe03e7f048a5bd3967ecd04b6a48966215e78792df06e333b0eede4fb1b


More information about the botan-announce mailing list