Pen 0.27.4 released

Available here:

And also here:

Pen 0.27.4 rounds off the SSL support with several TLS extensions and security related enhancements.

TLS 1.1 and TLS 1.2 can now be individually disabled.

Client-initiated secure renegotiation can now be rate-limited. The default “limit” is once per hour, which effectively disables this potential vector for denial of service.

OCSP stapling is now supported.

Server Name Indication is supported.

See penctl manpage for configuration help.

Full list of changes from 0.27.3:

150408 Updated ocsp stapling to be compatible with server name indication.
Added script.
Released 0.27.4.

150407 SSL code broken out into ssl.[ch]. SSL context creation broken
out from ssl_init to ssl_create_context.
Server Name Indication support. New command to enable:
ssl_sni_path PATH
where PATH is the name of a directory containing domain.key,
domain.crt and files for each domain.

150406 OCSP stapling. New command ssl_ocsp_response filename
specifies the location of the ocsp response to be stapled.
The response must be pre-fetched. The idea was borrowed
from Rob Stradling.

150403 New command ssl_client_renegotiation_interval specifies the
minimum number of seconds the client must wait between
renegotiation requests. Default 3600.

150402 Enabled SSL session resumption.
In do_cmd: don’t print “ignoring command” for comments starting
with ‘#’.

150330 Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable
SSL 1.1 and 1.2 respectively.


Leave a Reply

Your email address will not be published. Required fields are marked *