Revision history
0.16
- Fixed a bug that was introduced in 0.15 where the module died if Crypt::Random existed
but it was older than 0.34 or modules IT depended on (such as Math::Pari) didn't exist.
0.15
- Implemented stronger number generator (Crypt::Random). This module will be used instead
of perl's built-in rand() if it's available.
- Fixed a potential bug that was introduced in version 0.14 that might have stopped the
test script (although not the module) from succeeding on BSD systems.
- Test suite will now (nicely) refuse to run under Win32 as opposed to the fiasco that
happened before. Keep in mind that the module itself should work okay under win32, the
problem was only with the test script trying to act as both a client and server without
being able to fork() or use alarm(). Testing could be done manually by the /util/client.pl
and /util/server.pl scripts.
- Implemented a (weak) internal encryption routine that will be used to encrypt the password
hash and encryption keys in transit, as a last resort in case no encryption modules were
found.
- Fixed some warnings that might have been generated by use strict/warnings. Thanks to
Michael Krause.
- Implemented more secure communications when using symmetric encryption modules by
utilizing the "password" parameter as part of the non-broadcastable encryption key.
This should dramatically increase the security of symmetric encryption, however it's
still no match for asymmetric encryption modules such as Crypt::RSA.
- Implemented an optional parameter to be passed to the start() method (a coderef).
If supplied, the code will be called every loop. This could be used to allow you
to do other things concurrently while a server's running (comparable to the
do_one_loop() philosophy).
- Added to the handshake phase a comparison of the version of the Storable module as
well, which would produce the same error as compression/encryption module version mismatches.
This can (also) be turned off by supplying the donotcheckversion constructor option.
0.14
- Implemented a do_one_loop() method to allow servers you write to do other things
concurrently instead of the old way of being dedicated through the start() method.
- Localized some variables to the server object. Their not being localized previously
prevented running multiple servers within the same program.
- Added some more internal notes.
0.13
- Fixed a bug where supplying 4 parameters to substr() choked on older versions of perl.
substr() calls now only use 3 parameters.
- Added 2 new methods, addclientip() and deleteclientip() which may be used to restrict
a server to only accept connections from certain IP addresses.
0.12
- Fixed a bug where if Crypt::RSA was not installed the test suite would fail.
- The welcome message viewable via telnet-ting into the server is now formatted nicer.
0.11
- Fixed a small issue where if a server and a client were configured to use a password, the
password negotiation occurred before the encryption negotiation, which caused the password
hash to be transmitted using weak internal encryption. This has been fixed by making the
password negotiation occur after encryption negotiation. It's not really a major security
issue since only a hash and not the real password was transmitted, but still.... this forces
a hacker to break the encryption first before they can get the hash, which they THEN have
to brute-force break....
- As requested by a CPAN tester, added numbers to the output of 'make test'. Note that due to
the fact that make test fork()s, the numbers may not be consecutive.
- The server will generate a new RSA keypair every hour, this substantially increases
security.
- Implemented support of "donotcheckversion" which would allow the client to continue
negotiating even if an encryption/compression module version mismatch is encountered.
Before you use this feature read the POD/man Net::EasyTCP documentation to understand the
consequences.
- The clear-text welcome message displayed by the server is now more organized.
- Clarified some vague error messages that were sometimes returned if negotiations failed.
- Minor internal re-organizations.
0.10
- Bugfixes release.
- A bug was introduced in version 0.09 where if a client did not have any encryption modules
installed it would fail negotiating with the server and would not be able to connect. This
was fixed.
- A bug where failure to generate encryption keys was not handled correctly and passed on as
a success, causing random halts and freezes during. This was fixed.
- Clarified the error message when a client times out during negotiating with a server
- Encryption keypairs were always being generated and not used even if the objects were created
with "donotencrypt". This caused slowdown especially when Crypt::RSA was used due to its
slowness in generating keypairs. This issue was fixed.
- A potential bug where an encryption or compression module version-conflict error was incorrectly
reported.
0.09
- Implemented Crypt::RSA support. This is the first supported module that implements
asymmetric cryptography. Users who are serious about the security of their en-route
data are strongly advised to upgrade and make use of this encryption module.
- Small bugfix where client-negotiation-timeouts were not reported correctly.
0.08
- Bugfix release. An internal variable was assigned to both Crypt::Rijndael and Crypt::RC6
(they should have received different variables). This caused negotiations to often fail
when a client had RC6 and not Rijndael and the server had the opposite, or vice-versa.
- Implemented encryption and compression module version checking. The client will fail
to connect to a server if the agreed-on encryption or compression module has a version
mismatch. The failure error in $@ will say so.
0.07
- Minor changes to the negotiation routine, including improved security during encryption key
exchange.
- Implemented a "password" feature where a server will require a password from the client before
accepting connection.
- Added 2 methods (remoteip() and remoteport()) to retrieve the IP address/port of the remote
connection.
- Added support for Crypt::Rijndael encryption.
- Added support for Crypt::RC6 encryption.
- Changes to the send and receive routines to allow the server to better manage large amounts
of data from several clients at the same time.
0.06
- Re-organized many internal functions to better manage memory and free up memory no longer used
sooner.
- Added new method clients() to return the list of clients or number of clients connected to a
server.
- Modified the new() constructor to accept a "Welcome" message visible by telnetting into a server.
0.05
- Fixed a bug where calling the receive() method may have failed if a signal (such as child dying)
was delivered to the process at the same time. The bug became apparent on heavily-stormed
servers with many forked() children dying, causing the negotiation with new clients to sometimes
fail.
- Re-wrote the server-side negotiating code to prevent it from blocking for a couple of seconds during
negotiating with a newly connected client.
0.04
- Fixed a bug where older versions of Crypt::CBC were not called correctly causing "make test"
and almost everything else to fail.
- Minor changes to the protocol negotiation
0.03
- Added encryption support for Crypt::DES_EDE3, Crypt::DES and Crypt::Blowfish
- Added 2 new methods to determine what type of compression and encryption has been negotiated.
0.02
- Implemented transparent compression
- Implemented transparent encryption
- Internal protocol majorly re-designed to accommodate new and future features
- Re-wrote the test routine to use fork() and simulate a real-world scenario
- Minor bugfixes in receive()
0.01
- original version; created by h2xs 1.19