ANN: eGenix pyOpenSSL Distribution 0.13.3.1.0.1.6

[eGenix Team: M.-A. Lemburg]

________________________________________________________________________
ANNOUNCING

eGenix.com pyOpenSSL Distribution

Version 0.13.3.1.0.1.6


An easy-to-install and easy-to-use distribution
of the pyOpenSSL Python interface for OpenSSL -
available for Windows, Mac OS X and Unix platforms


This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.3.1.0.1.6.html

________________________________________________________________________
INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-
aware network applications as well as certificate management tools:

https://launchpad.net/pyopenssl/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

http://www.openssl.org/

________________________________________________________________________
NEWS

This new release of the eGenix.com pyOpenSSL Distribution updates the
included pyOpenSSL and OpenSSL versions:

New in the eGenix pyOpenSSL Distribution
----------------------------------------

* Updated pyOpenSSL to the upstream trunk revision 171 (pyOpenSSL
version 0.13.1+).

* Added work-around for compiling pyOpenSSL trunk revision 171 on
Windows with OpenSSL 1.0.0 and later.

* Included support for TLS 1.1 and 1.2 in pyOpenSSL (rev 171). Please
see the TLS support section in the documentation for details.

http://www.egenix.com/products/python/pyOpenSSL/doc/#TLS_support

* Added SSL.OP_NO_COMPRESSION and SSL.OP_SINGLE_ECDH_USE context
options to be able to address the CRIME attack and allow for more
secure elliptic curve Diffie-Hellman key exchange setups.

* Added HTML Sphinx documentation from the pyOpenSSL trunk version to
the package. An online version is available from our website:

http://www.egenix.com/products/python/pyOpenSSL/doc/pyopenssl.html

* Updated the included CA bundles to the latest Mozilla 2014-01-28
version.

* Included ca-bundle*.crt files now have the same modification date
as the Mozilla certdata.txt file from which they were generated.

* Restored compatibility of the ca_bundle module with Python 2.4.

* Enhanced the included https_client.py example to show case OpenSSL
best practices:

- server name parsing (RFC 2818 support will follow in one of the
next releases)

- SNI (support for TLS extension to support multiple SSL sites on a
single host)

- setup secure default SSL options

- setup secure default SSL cipher suite

- use TLS 1.0 - 1.2 only

- disable SSL compression negotiation (prevent CRIME attack)

New in OpenSSL
--------------

* Updated included OpenSSL libraries from OpenSSL 1.0.1e to
1.0.1f. See http://www.openssl.org/news/news.html and
http://www.openssl.org/news/vulnerabilities.html for a complete
list of changes, most important:

- CVE-2013-4353: A carefully crafted invalid TLS handshake could
crash OpenSSL with a NULL pointer exception. A malicious server
could use this flaw to crash a connecting client.

- CVE-2013-6450: A flaw in DTLS handling can cause an application
using OpenSSL and DTLS to crash.

- CVE-2013-6449: A flaw in OpenSSL can cause an application using
OpenSSL to crash when using TLS version 1.2.

As always, we provide binaries that include both pyOpenSSL and the
necessary OpenSSL libraries for all supported platforms:
Windows x86 and x64, Linux x86 and x64, Mac OS X PPC, x86 and x64.

We've also added egg-file distribution versions of our eGenix.com
pyOpenSSL Distribution for Windows, Linux and Mac OS X to the
available download options. These make setups using e.g. zc.buildout
and other egg-file based installers a lot easier.

________________________________________________________________________
DOWNLOADS

The download archives and instructions for installing the package can
be found at:

http://www.egenix.com/products/python/pyOpenSSL/

________________________________________________________________________
UPGRADING

Before installing this version of pyOpenSSL, please make sure that
you uninstall any previously installed pyOpenSSL version. Otherwise,
you could end up not using the included OpenSSL libs.

_______________________________________________________________________
SUPPORT

Commercial support for these packages is available from eGenix.com.
Please see

http://www.egenix.com/services/support/

for details about our support offerings.

________________________________________________________________________
MORE INFORMATION

For more information about the eGenix pyOpenSSL Distribution, licensing
and download instructions, please visit our web-site or write to
(e-mail address removed).

Enjoy,
--
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Jan 28 2014)________________________________________________________________________

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/

 

[Denis McMahon]

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form

Hmm, well it all sounds very good, but how would I know that the pre-
compiled library doesn't contain a backdoor that sends copies of all the
plaintext to the NSA?