WebServer-specific changes
Core improvements:
- I/O: Make sure to ignore SIGPIPE.
- Locale: LC_ALL should override all other locale settings.
- Tracing: Added missing TRACE_LEAVE().
Databases improvements:
- DBs: Restore SIGPIPE signal handler after creating Mysql connections.
- DBs: Implemented renaming of backup schedules.
- DBs: Added button to delete backup schedules.
- DBs: Added interface to add new backup schedules.
- DBs: Added interface to change the backup schedule for a db.
- DBs: List the backup schedules for the databases.
- DBManager: Default to not backing up external databases.
Modules improvements:
- Relay2: Fix for erroneously closing tags during rewrite.
- Relay2: Fix for double zipped data.
- Directories: Fixed broken redirect on empty lock file.
Protocols improvements:
- SSL: Support TLS 1.1 and TLS 1.2.
- SSL: Avoid setting the minimum version higher than supported.
RXML improvements:
- <translate/>: Complain about missing required attributes.
- <cache>: Fix bug where caching was effectively disabled with generation-variable.
- Static Resource: Don't attempt to stat paths with a leading double slash.
- cimg: Add defvar for default arguments.
- RXML: Added cleaup() to TagCache.
- <insert/>: Don't require the source attribute.
- <insert/>: Complain about missing plugins in do_enter().
Pike-specific changes
Compiler improvements:
- Build: Improved forward compatibility with Pike 8.0 precompiler.
Core improvements:
- Cpp: Rename some of the hashtable functions.
Databases improvements:
- Mysql: Restore the SIGPIPE signal handler.
- Sql.odbc: Survive old Odbc module.
Modules improvements:
- ADT.Heap: Improved robustness.
- Parser.XML.Tree: Fixed handling of namespaced attributes.
- Parser.XML.Tree: Increased strictness of namespace parser.
- Parser.XML: Added some default required namespaces.
- Calendar: Updated to tzdata2015g.
- Protocols.DNS: Reduce race-condition window in do_query().
- ADT.Heap: Fixed NULL-deref.
- ADT.Heap: Added ADT.Heap.Element.
Runtime improvements:
- Runtime: Added low-level API restore_signal_handler().
- Threads: Added support for setting a thread time quantum.
SSL/TLS improvements:
- SSL.Cipher: Use Crypto.DH for Diffie-Hellman KEX.
- SSL.Cipher: Reduced DH overhead by a factor ~8.
- SSL: Fix an exception for client hello packages close to 512 bytes.
- SSL.Constants: Added some missing CCM constants from RFC 6655.
- SSL.Constants: Applied errata to RFC 6367.
- SSL.context: Added sort_suites().
- SSL.connection: Implement 1/(n-1) measure against BEAST.
- SSL: Fix priorities for anonymous cipher suites.
- SSL.Cipher: Support KeyExchange using ECDHE.
- SSL.handshake: Only use extensions the client has asked for.
- SSL.handshake: Added the ECC extensions from RFC 4492.
- SSL.Cipher: Improved TLS 1.2 compatibility.
- SSL.Constants: Added some more AES-GCM cipher suites.
- SSL.Constants: Added some AES-GCM cipher suites.
- SSL: Add support for AEAD ciphers.
- Nettle: Added Galois Counter Mode (GCM).
- Stop sending timestamp in server_random.
- SSL.context: Added get_suites().
- SSL.Constants: Reduce the estimated strength of DES40.
- SSL.Cipher: Added HMAC SHA384 and HMAC SHA512.
- Handle weak DES/DES3 keys better.
- SSL.Cipher: Filter suites obsoleted in TLS 1.1 and 1.2.
- SSL.Constants: Added some SHA256 cipher suites.
- SSL.Cipher: Support HMAC using SHA256.
- SSL.handshake: Send EXTENSION_signature_algorithms.
- Crypto: Added SHA 224, 384 and 512.
- Crypto.RSA: Fixed API for pkcs_{sign,verify}().
- SSL.handshake: Support EXTENSION_signature_algorithms.
- SSL.Cipher: Enable support for TLS 1.2.
- Crypto: Backported Crypto.[DR]SA()->pkcs_{sign,verify}() from Pike 8.0.
- SSL.Cipher: Added KeyExchangeDH and KeyExchangeDHE.
- SSL.Cipher: Added KeyExchangeRSA and KeyExchangeGeneric.
- SSL: Made client_random more random.
- SSL: Made the packet size configurable.
- SSL: Survive servers returning an SNI extension.
- SSL/Protocols.HTTP: Add client support for SNI (server name indication).
- SSL: Added parsing of the server_name extension from RFC 4366 3.1.
- SSL: Support exportable cipher suites in the client.
- SSL: Add support for some CAMELLIA cipher suites.
- SSL: Support DHE on the client side.
- SSL: Define and enable the DHE_RSA cipher suites.
- SSL: Adjusted the estimated effective keylengths.
- SSL: Updated with constants from RFC 5932, 6209, 6367 and 6655.
- Updated list of TLS extensions from IANA.
- By default, require >=128 bit ciphers.
- SSL: Added support for specifying the minimum and maximum versions of SSL.
- SSL: Added symbolic constants for the SSL versions.
- SSL: Fixed support for downgrading in client mode.
- SSL: TLS 1.1 (aka SSL 3.2) is now supported!
- SSL: Support TLS 1.1 IVs.
- Nettle: Let the IV be set through Nettle.Proxy (aka Crypto.Buffer).