Version 3.4.4 of Cryptlib implements TLS-LTS (long-term support) for use on systems that may have multi-year or even decade-long update cycles.
This new release incorporates what’s already deployed for TLS* 1.2 but, crucially, fixes the security holes and bugs.
Cryptlib author Dr Peter Gutmann states “TLS-LTS presents a minimal, known-good set of mechanisms that defends against all currently-known weaknesses in TLS. It would have defended against them ten years ago and has a good chance of defending against them ten years from now, providing the long-term stability that’s required by many systems in the field”.
TLS, by nature of its complexity and its inclusion of large amounts of legacy material, contains numerous security issues. These have been known to be a problem for many years, and they keep coming up again and again in attacks. This long-term stability is particularly important given that widespread mainstream adoption of new versions of TLS has been shown to take 15 years or more, with adoption in embedded environments taking even longer.
*TLS is an enhanced secure connection and authentication mechanism that represents the current version of the widely-used Internet security technology formerly known as SSL.