Skip to content

Version 1.1.0
Compare
Choose a tag to compare
@Ousret Ousret released this 20 Sep 10:56
· 11 commits to main since this release
v1.1.0
f39c656
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

1.1.0 (2024-09-20)

Added

  • Support for Post-Quantum KX Kyber768 (NIST Round 3) with X25519.
  • Backport "QUIC Version 2".
    "Rework packet encoding to support different protocol versions" aiortc@bd3497c
    "Add encryption for QUIC v2" aiortc@abf5189
    "Refactor retry / version negotiation handling" aiortc@70dd040
    "Add support for version_information transport parameter" aiortc@a59d9ad
    "Check Chosen Version matches the version in use by the connection" aiortc@a59d9ad

Changed

  • Insert GREASE in KX, TLS Version and Ciphers.
  • Backport "Only buffer up to 512 KiB of pending CRYPTO frames" aiortc@174a2eb
  • Backport "Improved path challenge handling" aiortc@b507364
  • Backport "Limit the number of pending connection IDs marked for retirement." aiortc@4f73f18
  • Backport "During address validation, count the entire received datagram" aiortc@afe5525
  • Update aws-lc-rs v1.8.1 to v1.9.0
  • Default supported signature algorithms to: ECDSA_SECP256R1_SHA256, RSA_PSS_RSAE_SHA256, RSA_PKCS1_SHA256, ECDSA_SECP384R1_SHA384, RSA_PSS_RSAE_SHA384, RSA_PKCS1_SHA384, RSA_PSS_RSAE_SHA512, RSA_PKCS1_SHA512, ED25519.

Fixed

  • Certificate fingerprint matching.
  • Backport upstream urllib3/urllib3#3434: util/ssl: make code (certificate fingerprint matching) resilient to missing hash functions.
    In certain environments such as in a FIPS enabled system, certain algorithms such as md5 may be unavailable.

Misc

  • Backport "Use is for type comparisons" aiortc@5c55e0c
  • Postpone annotations parsing with from __future__ import annotations everywhere in order to simplify type annotations.
Assets 3
Loading