Dear OCaml developers,
we’re pleased to finally release a full stack of packages that do not rely on Cstruct.t/Bigarray, but use string / bytes instead. This brings us a massive performance boost (e.g. a factor of 3 in tls), and brings an easier-to-comprehend API. It also makes performance tooling work much more smoothly with our released packages. We announced this upcoming change earlier this year: https://discuss.ocaml.org/t/ann-mirage-crypto-0-11-3-with-more-speed-for-elliptic-curves-and-the-future-roadmap-of-mirage-crypto
For further details, please see the specific release pages:
- mirage-crypto 1.0.0 (also 1.0.1, and 1.1.0) - cryptographic operations in OCaml (symmetric ciphers, asymmetric ciphers (RSA, DSA, DH), fortuna (a cryptographically secure pseudo-random number generator), elliptic curves (from fiat-crypto)) – the hash algorithms have been removed - use digestif instead
- tls 1.0.0 (also 1.0.1, 1.0.2, and 1.0.3) - a Transport layer security implementation (HTTPS) in OCaml, supporting TLS 1.0, 1.1, 1.2, and 1.3
- x509 1.0.0 (also 1.0.1, 1.0.2, 1.0.3, and 1.0.4) - X509 certificates (signing requests, certificate revocation lists, PKCS12)
- asn1-combinators 0.3.0 (also 0.3.1 and 0.3.2) - ASN.1 parser combinators
- let’s encrypt 1.0.0 - a client for https://letsencrypt.org - automated TLS certificate issuance
- awa 0.4.0 - an SSH client and server implementation
- kdf 1.0.0 - supporting different key derivation functions: hkdf (used in TLS), PBKDF2, SCRYPT
- paf 0.7.0 - protocol-agnostic client (http / http2)
- git 3.17.0 - an implementation of the version control system git https://git-scm.com
- dns 9.0.0 (also 9.0.1) - an implementation of the domain name system
As you can envision, there was a lot of coordination and releasing involved in preparing these API-breaking changes. The list above likely misses various packages that have been released to support the new mirage-crypto and tls API.
There have already been various issues reported and fixed in the subsequent minor releases. We encourage you to upgrade your software stack to the new release series, and report issues as you encounter them (be it API questions or correctness issues). Earlier releases are not maintained anymore (due to lack of interest and lack of time), thus if you encounter issues in earlier releases, please first update to the most recent releases (although this may need some effort – a PR that uses the packages heavily is "remove dependency on cstruct, use string and bytes instead" by hannesm, Pull Request #279 in robur-coop/miragevpn on GitHub). If you’re stuck or lack time to port your code to the new API, we at robur offer commercial support in upgrading your codebase. Reach out to us via email: team@robur.coop.
This work has been conducted by the robur collective. Parts of this work were sponsored by Tarides.