- Add support for DNS-over-TLS (experimental) to Unbound as a server and a client.
- Adds new configuration file options:
  - 'do-starttls: yes/no' # enable STARTTLS for downstream queries
  - 'starttls-upsteam: yes/no' # enable STARTTLS for upstream queries
  - 'starttls-delay: number of seconds' # time to cache the STARTTLS capability of an upstream server before retrying a STARTTLS negotiation
- Adds an option to use the TO bit for STARTTLS downstream. Enable with the --enable-TObit configure option.
- Adds new statistics counters: SSL queries, EDNS_TO queries and STARTTLS queries
- Initial attempt to change the behaviour of writes over SSL so that the DNS message is sent in a single packet when possible. (Previous behaviour was to send the length prefix and the message content separately.) Should be improved to avoid a malloc on each write.
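The write change above concerns the two-byte length prefix that DNS over TCP and TLS puts in front of every message: writing the prefix and the body separately yields two TLS records, writing one combined buffer yields one. The following is an added example, not code from the Unbound patch, showing the single-buffer framing on the sender side and a receiver that reassembles messages regardless of how the peer split its writes (the sample query bytes and the function names are constructed for this illustration).

```python
"""Added example (not part of the Unbound patch described above).

DNS over TCP/TLS frames each message as a 2-byte big-endian length
followed by the message (RFC 7766 section 8). The sender builds one
buffer so the length and body go out in a single write; the receiver
must still tolerate any chunking, including the prefix and body
arriving separately or several messages arriving together.
"""
import struct
from typing import List


def frame_dns_message(msg: bytes) -> bytes:
    """Return a single buffer: 2-byte length prefix + message body."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 bytes")
    return struct.pack("!H", len(msg)) + msg


def split_writes(msg: bytes) -> List[bytes]:
    """The older write pattern: prefix and body as two separate writes."""
    return [struct.pack("!H", len(msg)), msg]


class DnsStreamReader:
    """Reassembles length-prefixed DNS messages from arbitrary chunks."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, data: bytes) -> List[bytes]:
        """Append received bytes; return every complete message now available."""
        self._buf += data
        out: List[bytes] = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack("!H", self._buf[:2])
            if len(self._buf) < 2 + n:
                break  # body not fully received yet; wait for more data
            out.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return out


# Constructed sample: a minimal 25-byte query for "example." type A, ID 0x1234.
SAMPLE_QUERY = (
    b"\x12\x34"                   # ID
    b"\x01\x00"                   # flags: RD set
    b"\x00\x01"                   # QDCOUNT = 1
    b"\x00\x00\x00\x00\x00\x00"   # ANCOUNT, NSCOUNT, ARCOUNT = 0
    b"\x07example\x00"            # QNAME "example."
    b"\x00\x01"                   # QTYPE A
    b"\x00\x01"                   # QCLASS IN
)


def demo() -> int:
    """Feed the reader both framings; return number of messages recovered."""
    reader = DnsStreamReader()
    got = reader.feed(frame_dns_message(SAMPLE_QUERY))        # single write
    for chunk in split_writes(SAMPLE_QUERY):                  # two writes
        got += reader.feed(chunk)
    return len(got)


if __name__ == "__main__":
    print("single-buffer frame:", frame_dns_message(SAMPLE_QUERY).hex())
    print("messages recovered:", demo())
```

A receiver written this way is what makes the sender-side optimisation safe to deploy incrementally: peers that still send the prefix and body in separate segments are parsed identically to peers that send one buffer.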
- Fix libunbound to support SSL by initialising the SSL library.
- Adds experimental client and server support for TCP Fast Open (Linux only). Enable with the --enable-tcp-fastopen configure option.