The biggest change in this release is the updated version of PolarSSL and the support for its new features. This new version of PolarSSL brings TLS1.2, secure renegotiation and Server Name Indication support. I really love how easy it was to include support for these new features in Hiawatha. Taking a look at the API in the header files was enough to understand how it works. Compare that to OpenSSL and it's easy to chose the winner. I hereby congratulate and thank Paul Bakker, the author of PolarSSL, for this great SSL library!
Hiawatha now has an option to set the minimal supported SSL/TLS version. I've used SSL Labs to test Hiawatha for any SSL implementation errors. With MinSSLversion set to TLS1.0, I got a score of 90%, set to TLS1.1, I got a score of 96% and set to TLS1.2, I got a score of 97%. The only thing I needed for a 100% score was a 4096-bits certificate instead of a 2048-bits certificate. Well, I can think I can live with a score of 97%.
With the mininal SSL version support set to SSL3.0 or TLS1.0, Hiawatha prefers the usage of RC4 to mitigate the BEAST attack. When set to TLS1.1 or TLS1.2, Hiawatha prefers AES256. The only thing we need right now is TLS1.1 support in Firefox. Internet Explorer supports TLS1.2, Chrome supports TLS1.1, Opera supports TLS1.2 (although disabled by default). Only Firefox is still stuck at TLS1.0.