doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-06-25 10:06:25 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-06-25 10:09:04 +0200
commit: 6a218a77cb44eeef5f2459f4883c45aab6f06214 (patch)
tree: 61c22ec20b8d9f6e9ad5156bb9be813dd813b489 /NEWS
parent: b0c6c9c17e8ff683d4d370750888f3755c64dadc (diff)
download: gnutls-6a218a77cb44eeef5f2459f4883c45aab6f06214.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 0654cb9a9b..5e2cf386d1 100644
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,13 @@ See the end for copying conditions.
    unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
    change for these functions which make them err towards safety.
 
+** libgnutls: improved aarch64 cpu features detection by using getauxval().
+
+** Improved counter-measures for TLS CBC record padding, when encrypt-then-MAC
+   mode is not used. Introduced the %FORCE_ETM priority string option. This option
+   prevents the negotiation of legacy CBC ciphersuites unless encrypt-then-mac
+   is negotiated as well.
+
 ** certtool: It is now possible to specify certificate and serial CRL numbers greater
    than 2**63-2 as a hex-encoded string both when prompted and in a template file.
    Default certificate serial numbers are now fully random. Default CRL
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-06-25 10:06:25 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-06-25 10:09:04 +0200
commit	6a218a77cb44eeef5f2459f4883c45aab6f06214 (patch)
tree	61c22ec20b8d9f6e9ad5156bb9be813dd813b489 /NEWS
parent	b0c6c9c17e8ff683d4d370750888f3755c64dadc (diff)
download	gnutls-6a218a77cb44eeef5f2459f4883c45aab6f06214.tar.gz