INN 2.6.3 release candidate

Julien ÉLIE julien at
Wed Jan 16 20:55:51 UTC 2019

Hi all,

A release candidate for INN 2.6.3 can be downloaded at:

The MD5 checksum is:  a53555c58221c2eab89b4f8b4c595b70.

A patch from 2.6.2 to 2.6.3rc1 is available in the same directory.

Feel free to report any issue you may encounter.
The final release is scheduled in February.

Changes from 2.6.2 to 2.6.3

    * Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
      later; NIST P-256 was enforced instead of using the most secure curve.

    * A new inn.conf parameter has been added to fine-tune the cipher suites
      to use with TLS 1.3:  the *tlsciphers13* now permits configuring them.
      A separate cipher suite configuration parameter is needed for TLS 1.3
      because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
      vice-versa.  In order to avoid issues where legacy TLS 1.2 cipher
      suite configuration configured in the *tlsciphers* parameter would
      inadvertently disable all TLS 1.3 cipher suites, the inn.conf
      configuration has been separated out.

    * Support for Python 3 has been added to INN.  Embedded Python filtering
      and authentication hooks for innd and nnrpd can now use version 3.3.0
      or later of the Python interpreter.  In the 2.x series, version 2.3.0
      or later is still supported.

      When configuring INN with the --with-python flag, the "PYTHON"
      environment variable, when set, is used to select the interpreter to
      embed.  Otherwise, it is searched in standard paths.

      In case you change the Python interpreter to embed, make sure that the
      Python scripts you use are written in the expected syntax for that
      version of the Python interpreter.  Notably, buffer objects have been
      replaced with memoryview objects in Python 3, and UTF-8 encoding now
      really matters for string literals (Python 3 uses bytes and Unicode

      INN documentation and samples of Python hooks have been updated to
      provide more examples.

    * When a Python or Perl filter hook rejects an article, innd now
      mentions the reason in response to CHECK and TAKETHIS commands. 
      Previously, the reason was given only for the IHAVE command.

    * nnrpd now properly logs the hostname of clients whose connection
      failed owing to an issue during the negotiation of a TLS session or
      high load average.

Julien ÉLIE

« First Guy (proudly):  "My wife's an angel!"
  Second Guy:  "You're lucky, mine's still alive." »

More information about the inn-workers mailing list