It has been a while since the last release but here's new version 0.5 of CryptoNark. New features and changes in this release include the following (but are mainly centered on certificate validation):
- Modifed DHE- cipher strings to note that they also support Forward Secrecy
- Added more OpenSSL version strings. This is now current to the most recent OpenSSL version
- CryptoNark will check to see if you are running 0.9.8l or less and warn that your version doesn't support secure client renegotation.
- The cert_info() subroutine has been modified to use the AES265-SHA cipher from RC4-SHA. This is purely just to support the eventual phasing out of RC4 ciphers
- The cert_info() subroutine now displays the expiration date of the peer certificate
- Finally, a behavior change, which works around a problem reported when running against a server using a self-signed certificate. A server using a self-signed certificate no longer fails certificate validation. This might seem counter to what you're seeing when you connect with a web browser to a web site using a self-signed certificate but keep in mind that if your browser trusts that self-signed certificate, then data and channel encryption isn't much different. The reason behind this change is to workaround an issue that is ultimately going to require a rewrite to how I am doing certificate validation today. Previous versions of CryptoNark would fail certificate validation when using a self-signed certificate but when run with the --insecure switch, some platforms would incorrectly report the bit length of the private key and then croak with a segmentation fault. This version worksaround that issue.
A big thank you to all who have downloaded this over the years and emailed issues to me. As always, downloads are available off of the CryptoNark page.