diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-07-11 08:02:56 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-02 12:39:05 +0200 |
commit | d02d10484c31fc4dd438c4de63f79ca7c184cabe (patch) | |
tree | 1d31f9a40b5a91b461301b75c17a45461e9e91bc /NEWS | |
parent | dbe848409912eab2a2647f570e4b25b35c345444 (diff) | |
download | gnutls-d02d10484c31fc4dd438c4de63f79ca7c184cabe.tar.gz |
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -7,6 +7,10 @@ See the end for copying conditions. * Version 3.6.0 (unreleased) +** libgnutls: Added support for RFC7919 group negotiation. That makes the + Diffie-Hellman parameters negotiation more robust and less prone to errors + due to insecure parameters. + ** libgnutls: Introduced various sanity checks on certificate import. Refuse to import certificates which have fractional seconds in Time fields, X.509v1 certificates which have the unique identifiers set, and certificates with illegal @@ -49,8 +53,8 @@ See the end for copying conditions. in RFC5280. ** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. - These curves were rarely used for that purpose and provide no advantage over - x25519. + These curves were rarely used for that purpose, provide no advantage over + x25519 and were deprecated by TLS 1.3. ** libgnutls: SHA1 was marked as insecure for certificate signatures. Verification of certificates signed with SHA1 is now considered insecure and will |