[botan-devel] Botan 2.8.0 released
jack at randombit.net
Mon Oct 1 11:23:39 EDT 2018
I'm pleased to announce Botan 2.8.0 has been released. Notable changes include
- TLS v1.0 and v1.1 protocols (as well as DTLS v1.0) are DISABLED BY DEFAULT
starting in this release. In addition the CBC and CCM TLS ciphersuites are
also disabled by default. There is no reason to ever use the CBC ciphersuites
in TLS v1.2, and CCM is only for niche IOT uses. Some applications may need
to modify their TLS policies in order to explicitly enable these
- Added support for using Apple's CommonCrypto library for hashing and
symmetric ciphers. This may provide notable performance improvements for iOS
applications, depending on what the hardware supports.
- Added support for XChaCha stream cipher and XChaCha20Poly1305 AEAD.
- New AVX2 implementations of ChaCha and Serpent.
- Addition of a new interface for password hashing that supports Scrypt (which
current PBKDF interface does not) and will be able to support Argon2 and
other schemes in the future.
- Addition of a Lucas test during primality testing, which effectively
eliminates any chance of incorrectly accepting a composite as prime, even
when using only a small number of Miller-Rabin iterations.
- Many improvements and extensions to the C binding to support new users such
as the Rust binding (https://crates.io/crates/botan) and strongSwan plugin.
- Many improvements to the Python module (new features, better error checking, etc)
- Hardening of default password hash params: bcrypt now uses work factor 12 by
default (was 10), passhash9 defaults to 150K PBKDF2 iterations (was 100K).
Plus many smaller features, bug fixes, and optimizations documented in the
release notes https://botan.randombit.net/news.html#version-2-8-0-2018-10-01
Please note this is the last release that will support Visual C++ 2013, and for
this release, if building under VC 2013, you must use the flag
--ack-vc2013-deprecated at configure time.
More information about the botan-devel