[ANNOUNCE] INN 2.6.3 available

Russ Allbery rra at isc.org
Mon Feb 18 22:42:57 UTC 2019

Internet Systems Consortium is pleased to announce that a new bug-fix
release of INN is available at:


The MD5 checksum of this release is:


A PGP signature, signatures of SHA-1, SHA-256, and SHA-512 checksums, and
a patch from 2.6.2 to 2.6.3 are available in the same directory.

This is a bug-fix and minor feature release over 2.6.2.  Upgrading an
existing INN 2.6.2 installation is as simple as building INN 2.6.3,
running make update, and restarting innd and related programs.

Many thanks to Julien ÉLIE for preparing this release.

Changes in 2.6.3

  * Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
    later; NIST P-256 was enforced instead of using the most secure curve.

  * A new inn.conf parameter has been added to fine-tune the cipher suites
    to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
    A separate cipher suite configuration parameter is needed for TLS 1.3
    because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
    vice-versa.  In order to avoid issues where legacy TLS 1.2 cipher
    suite configuration configured in the *tlsciphers* parameter would
    inadvertently disable all TLS 1.3 cipher suites, the inn.conf
    configuration has been separated out.

  * Support for Python 3 has been added to INN.  Embedded Python filtering
    and authentication hooks for innd and nnrpd can now use version 3.3.0
    or later of the Python interpreter.  In the 2.x series, version 2.3.0
    or later is still supported.

    When configuring INN with the --with-python flag, the "PYTHON"
    environment variable, when set, is used to select the interpreter to
    embed.  Otherwise, it is searched in standard paths.

    In case you change the Python interpreter to embed, make sure that the
    Python scripts you use are written in the expected syntax for that
    version of the Python interpreter.  Notably, buffer objects have been
    replaced with memoryview objects in Python 3, and UTF-8 encoding now
    really matters for string literals (Python 3 uses bytes and Unicode

    INN documentation and samples of Python hooks have been updated to
    provide more examples.

  * When a Python or Perl filter hook rejects an article, innd now
    mentions the reason in response to CHECK and TAKETHIS commands.
    Previously, the reason was given only for the IHAVE command.

  * nnrpd now properly logs the hostname of clients whose connection
    failed owing to an issue during the negotiation of a TLS session or
    high load average.

INN is discussed on <inn-workers at lists.isc.org>.  Please send any bug
reports or patches to that list.

Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>

          Please post questions rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.

More information about the inn-announce mailing list