Skip to content

Releases: refraction-networking/utls

v1.6.7 Allow inspecting Client Hello before locking Session/PSK

05 Jul 06:52
v1.6.7
925bfb3
Compare
Choose a tag to compare

What's Changed

  • Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK by @adotkhan in #301

Full Changelog: v1.6.6...v1.6.7

v1.6.6 Hotfix: QUIC must not send non-empty session ID by RFC

03 May 17:43
v1.6.6
4f71339
Compare
Choose a tag to compare

What's Changed

Full Changelog: v1.6.5...v1.6.6

v1.6.5 Popular Firefox 120 parrot and deps update

02 May 05:11
v1.6.5
1f5d7d7
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #293
  • Update Firefox 120 parrot to a more popular version by @adotkhan in #296

New Contributors

Full Changelog: v1.6.4...v1.6.5

v1.6.4 bugfix: UConn incorrectly inherits Conn methods

10 Apr 17:26
v1.6.4
e684676
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump github.com/quic-go/quic-go from 0.40.1 to 0.42.0 by @dependabot in #289
  • fix: (*UConn).Read() and Secure Renegotiation by @gaukas in #292

Full Changelog: v1.6.3...v1.6.4

v1.6.3 Cryptographically Secured Shuffle

21 Feb 21:44
v1.6.3
3d4788c
Compare
Choose a tag to compare

Don't panic! This does not cause any significant security concern, since modern platforms are doing fine with limited randomness from math/rand. This patch is for some much restrictive platforms such as WebAssembly -- on which math/rand may generate deterministic output (e.g., same random number series from each cold start).

What's Changed

  • security: crypto/rand ShuffleChromeTLSExtensions by @gaukas in #286

Full Changelog: v1.6.2...v1.6.3

v1.6.2 Dependency and Upstream Update

30 Jan 19:42
v1.6.2
d2768e4
Compare
Choose a tag to compare

What's Changed

Full Changelog: v1.6.1...v1.6.2

v1.6.1 Hotfix: kyberslash2

08 Jan 17:06
v1.6.1
8b9a63f
Compare
Choose a tag to compare

Security Warning

This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.

What's Changed

  • build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #273
  • feat: parse GREASE ECH from raw by @gaukas in #276
  • build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #277

Full Changelog: v1.6.0...v1.6.1

v1.6.0 One step closer to ECH

16 Dec 18:10
v1.6.0
c4ba3ff
Compare
Choose a tag to compare

What's New

  • We now have GREASE ECH parrots (Chrome 120, Firefox 120) available!

What's Changed

New Contributors

Full Changelog: v1.5.4...v1.6.0

v1.5.4 Maintenance: bugfix and undo breaking API

10 Oct 03:05
v1.5.4
e89d82c
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v1.5.3...v1.5.4

v1.5.3 Hotfix: secondary key share

04 Sep 20:41
v1.5.3
67192c2
Compare
Choose a tag to compare

What's Changed

  • fix: secondary keyshares may be lost after overriding keySharesParams by @gaukas in #238

Full Changelog: v1.5.2...v1.5.3