NEWS in yahns-1.12.1 vs NEWS in yahns-1.12.2
- old
+ new
@@ -1,4 +1,40 @@
+=== yahns 1.12.2 - minor doc and TLS fixes / 2016-03-01 01:55 UTC
+
+ This release ensures OpenSSL::SSL::SSLContext#session_id_context
+ is always set for OpenSSL users. It won't overwrite existing
+ settings, but setting it to a random value is necessary to
+ ensure clients do not get aborted connections when attempting to
+ use a session cache.
+
+ No need to actually upgrade if you're on 1.12.1, you may add the
+ following to your yahns_config(5) file where
+ OpenSSL::SSL::SSLContext is configured:
+
+ # recommended, not required. This sets safer defaults
+ # provided by Ruby on top of what OpenSSL gives:
+ ssl_ctx.set_params
+
+ # required, and done by default in v1.12.2:
+ ssl_ctx.session_id_context ||= OpenSSL::Random.random_bytes(32)
+
+ yahns gives you full control of of how OpenSSL::SSL::SSLContext is
+ configured. To avoid bugs, yahns only ensures
+ OpenSSL::SSL::SSLContext#session_id_context is set (if not previously
+ set by the user) and calls OpenSSL::SSL::SSLContext#setup before
+ spawning threads to avoid race conditions. yahns itself does not and
+ will not enforce any opinion on the compatibility/performance/security
+ trade-offs regarding TLS configuration.
+
+ Note: keep in mind using an SSL session cache may be less useful
+ with yahns because HTTP/1.1 persistent connections may live
+ forever :)
+
+ 3 bug/doc fixes on top of v1.12.1:
+ document OpenSSL::SSL::SSLContext#set_params use
+ ssl: ensure is session_id_context is always set
+ test/*: fix mktmpdir usage for 1.9.3
+
=== yahns 1.12.1 - more TLS fixes / 2016-02-22 00:39 UTC
Most notably release fixes TLS output buffering for large
responses to slow clients. For Rack HTTPS users,
env['SERVER_PORT'] also defaults to 443 properly unless the
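Review bot: two typos in the added 1.12.2 entry should be fixed. The paragraph starting "yahns gives you full control of of how OpenSSL::SSL::SSLContext is configured" has a doubled "of", and the changelog line "ssl: ensure is session_id_context is always set" has a stray "is" after "ensure". The sentence "No need to actually upgrade if you're on 1.12.1, you may add the following" is also a comma splice. Splitting it in two ("No need to upgrade if you're on 1.12.1. Instead, you may add ...") would make it clearer that the snippet is the alternative to upgrading, and that only the session_id_context line marked "required" is the actual fix.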