OpenBSD, the security oriented operating system, has reached its 5.8 milestone today.
Here is a quick review of the new features in the 5.8 release.
- ACPI C-state support reduces power consumption
- Support of x86 AVX instructions
- New MPLS pseudowire driver mpw
- Work on MP unlocking of the network stack (will bear fruits in 5.9)
- Radiusd, a new RADIUS daemon
- Sudo has been replaced by the new doas
- file(1) has been replaced with a new implementation with sandbox and privilege separation.
- Ntpd is now enabled by default at install time
- New installs now use DUID unconditionally
- Many improvements and simplifications in ldpd (MPLS)
- Default IPSEC Diffie-Hellman group is now modp3072
- New process-containment facility called tame (later renamed to pledge)
- The reaper does not hold the Big Lock anymore
- HSTS support in httpd
- Support for range requests in httpd (clients can pause and restart a download)
- TLS 1.2 is now the default protocol in relayd and httpd
- Chacha20 is the new default cipher in ssh
- SSH1 is now disabled at compile time
- SSH 1024-bit diffie-hellman-group1-sha1 disabled at runtime
- LibreSSL rejects DH parameters < to 1024 bits
- openssl dhparam default from 512 to 2048 bits
You can download it from one of the mirrors listed at http://www.openbsd.org/ftp.html
