j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Final release notes added, also edited release notes for 1.0pre2 to what the announcement on the mailing list looked like.

Browse source
This commit is contained in:
Ivo Timmermans 2000-11-09 20:41:13 +00:00
parent 16847ea255
commit 4310b17be9
1 changed files with 76 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
NEWS
View file

@ -1,15 +1,82 @@
version 1.0pre3 Oct 31 2000
* New protocol
* Use public/private key cryptography (fixes security hole)
* Spanish translation of the program and the manual
* Use OpenSSL crypto library for all cryptography
* Support for multiple subnets per tinc daemon
* Support for universal tun/tap device
* No longer depends on GMP
* The protocol has been redesigned, and although some details are
still under discussion, this is secure. Care has been taken to
resist most, if not all, attacks.
* Unfortunately this protocol is not compatible with earlier versions,
nor are earlier versions compatible with this version. Because the
older protocol has huge security flaws, we feel that not
implementing backwards compatibility is justified.
* Some data about the protocol:
* It uses public/private RSA keys for authentication (this is the
actual fix for the security hole).
* All cryptographic functions have been taken out of tinc, instead
it uses the OpenSSL library functions.
* Offers support for multiple subnets per tinc daemon.
* New is also the support for the universal tun/tap device. This
means better portability to FreeBSD and Solaris.
* tinc is tested to compile on Solaris, Linux x86, Linux alpha.
* tinc now uses the OpenSSL library for cryptographic operations.
More information on getting and installing OpenSSL is in the manual.
This also means that the GMP library is no longer required.
* Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
Carrasco provided us with a Spanish translation of the manual.
What still needs to be done before 1.0:
* Documentation. Especially since the protocol has changed, and a lot
of configuration directives have been added.
version 1.0pre2 May 31 2000
* Internationalized, Dutch translation available
* Many sanity checks on the meta protocol added
* This version has been internationalized; and a Dutch translation has
been included.
* Two configuration variables have been added:
* VpnMask - the IP network mask for the entire VPN, not just our
subnet (as given by MyVirtualIP). The Redhat and Debian packages
use this variable in their system startup scripts, but it is
ignored by tinc.
* Hostnames - if set to `yes', look up the names of IP addresses
trying to connect to us. Default set to `no', to prevent lockups
during lookups.
* The system startup scripts for Debian and Redhat use
/etc/tinc/nets.boot to find out which networks need to be started
during system boot.
* Fixes to prevent denial of service attacks by sending random data
after connecting (and even when the connection has been established),
either random garbage or just nonsensical protocol fields.
* tinc will retry to connect upon startup, does not quit if it doesn't
work the first time.
* Hosts that are disconnected implicitly if we lose a connection get
deleted from the internal list, to prevent hogging eachother with
add and delete requests when the connection is restored.
What still needs to be done before 1.0:
* Documentation.
* Failover ConnectTo lines, try another one if the first doesn't work.
version 1.0pre1 May 12 2000
* New meta-protocol