« May 2014 | Main | October 2014 »

3 posts from June 2014

06/10/2014

CryptoNark 0.5.5 Released - Now Supporting Windows

It's only been a few days since the 0.5 release but I've been busy updating CryptoNark with some bug fixes and also added in support for Windows. One caveat: I've only tested this on WIndows 8.1 under a Strawberry Perl 5.18.2 installation. Please let me know if there are any issues on older/newer versions of Strawberry Perl.

One additional item to note in this version. SSLv2 connections to some sites were causing perl to crash when running on Windows. I've modified the subroutine that is making SSLv2 calls to make it more stable but on those sites that it was crashing on, cnark now falsely (?) reports that an sslv2 connection with an RC4-MD5 cipher is possible. I'm still investigating this issue. It does not happen on all sites.

You can download the new CryptoNark v0.5.5 release from the Downloads page and you can see the changelog at the CryptoNark page on this site.

06/07/2014

OpenSSL Version Matrix Updated - June 2014 Edition

I updated my OpenSSL Version Matrix post again to include the three new OpenSSL versions recently released. The matrix is now current as of June 7, 2014 with Perl code you can steal. I still use Tie::Hash::indexed in all my modules to order this hash in the order you see it in the post.

Also, the Kindle edition of chromatic's Modern Perl: 2014 Edition is  available so grab a copy--it's a steal.

06/02/2014

CryptoNark 0.5 Released

It has been a while since the last release but here's new version 0.5 of CryptoNark. New features and changes in this release include the following (but are mainly centered on certificate validation):

  • Modifed DHE- cipher strings to note that they also support Forward Secrecy
  • Added more OpenSSL version strings. This is now current to the most recent OpenSSL version
  • CryptoNark will check to see if you are running 0.9.8l or less and warn that your version doesn't support secure client renegotation.
  • The cert_info() subroutine has been modified to use the AES265-SHA cipher from RC4-SHA. This is purely just to support the eventual phasing out of RC4 ciphers
  • The cert_info() subroutine now displays the expiration date of the peer certificate
  • Finally, a behavior change, which works around a problem reported when running against a server using a self-signed certificate. A server using a self-signed certificate no longer fails certificate validation. This might seem counter to what you're seeing when you connect with a web browser to a web site using a self-signed certificate but keep in mind that if your browser trusts that self-signed certificate, then data and channel encryption isn't much different. The reason behind this change is to workaround an issue that is ultimately going to require a rewrite to how I am doing certificate validation today. Previous versions of CryptoNark would fail certificate validation when using a self-signed certificate but when run with the --insecure switch, some platforms would incorrectly report the bit length of the private key and then croak with a segmentation fault. This version worksaround that issue.

A big thank you to all who have downloaded this over the years and emailed issues to me. As always, downloads are available off of the CryptoNark page.