IO-Socket-SSL

Changes for version 1.956 - 2013-11-10

lots of behavior changes for more secure defaults:
BEHAVIOR CHANGE: make default cipher list more secure, especially
- no longer support MD5 by default (broken)
- no longer support anonymous authentication by default (vulnerable to man in the middle attacks)
- prefer ECDHE/DHE ciphers and add necessary ECDH curve and DH keys, so that it uses by default forward secrecy, if underlying Net::SSLeay/openssl supports it
- move RC4 at the end, e.g. 3DES is prefered (BEAST attack should hopefully been fixed and now RC4 is considered less safe than 3DES)
- default SSL_honor_cipher_order to 1, e.g. when used as server it tries to get the best cipher even if client preferes other ciphers PLEASE NOTE that this might break connections with older, less secure implementations. In this case revert to 'ALL:!LOW:!EXP:!aNULL' or so.
BEHAVIOR CHANGE: SSL_cipher_list now gets set on context not SSL object and thus gets reused if context gets reused. PLEASE NOTE that using SSL_cipher_list together with SSL_reuse_ctx has no longer effect on the ciphers of the context.
rework hostname verification schemes
- add rfc names as scheme (e.g. 'rfc2818',...)
- add SIP, SNMP, syslog, netconf, GIST
- BEHAVIOR CHANGE: fix SMTP - now accept wildcards in CN and subjectAltName
- BEHAVIOR CHANGE: fix IMAP, POP3, ACAP, NNTP - now accept wildcards in CN
BEHAVIOR CHANGE: anywhere wildcards like www* now match only 'www1', 'www2'.. but not 'www'
anywhere wildcards like x* are no longer applied to IDNA names (which start with 'xn--')
fix crash of Utils::CERT_free
support TLSv11, TLSv12 as handshake protocols

Modules

IO::Socket::SSL

SSL sockets with IO::Socket interface

IO::Socket::SSL::Intercept

SSL interception (man in the middle)

IO::Socket::SSL::Utils

loading, storing, creating certificates and keys

Provides

IO::Socket::SSL::SSL_Context

in lib/IO/Socket/SSL.pm

IO::Socket::SSL::SSL_HANDLE

in lib/IO/Socket/SSL.pm

IO::Socket::SSL::Session_Cache

in lib/IO/Socket/SSL.pm

Examples

Other files

To install IO::Socket::SSL, copy and paste the appropriate command in to your terminal.

cpanm

cpanm IO::Socket::SSL

CPAN shell

perl -MCPAN -e shell
install IO::Socket::SSL

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 1.956 - 2013-11-10

Modules

Provides

Examples

Other files

Module Install Instructions