author | Daiki Ueno <ueno@gnu.org> | 2021-05-06 12:41:40 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-11-29 13:21:53 +0100 |
commit | 0ecce7191dfd78387f2994253d37ed1df50d563d (patch) | |
tree | fb1d66e9329cdad3ef617c02b96c77aca1c8dd3e /NEWS | |
parent | ee3af8d6e863bd958cbe7468f9cbe09d803f4e92 (diff) | |
priority: support allowlisting in configuration file

This adds a new mode of interpreting the [overrides] section. If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled. Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>

Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -7,6 +7,11 @@ See the end for copying conditions. * Version 3.7.3 (unreleased) +** libgnutls: The allowlisting configuration mode has been added to the system-wide + settings. In this mode, all the algorithms are initially marked as insecure + or disabled, while the applications can re-enable them either through the + [overrides] section of the configuration file or the new API (#1172). + ** certtool: Certtool can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. ** libgnutls: disabling a hashing algorithm through "insecure-hash" @@ -22,6 +27,11 @@ See the end for copying conditions. ** API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags +gnutls_ecc_curve_set_enabled: Added. +gnutls_sign_set_secure: Added. +gnutls_sign_set_secure_for_certs: Added. +gnutls_digest_set_secure: Added. +gnutls_protocol_set_enabled: Added. * Version 3.7.2 (released 2021-05-29) |
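
Review bot: The new "** libgnutls: The allowlisting configuration mode ..." entry in the first hunk never names the setting that turns the mode on, so an administrator reading NEWS alone cannot tell how to enable it. The commit message gives the details: "override-mode" set to "allowlisting" in the [global] section, with keywords such as "secure-hash" in [overrides]. Suggest adding the key and value to the entry and replacing "all the algorithms" with the categories the commit message lists (hashes, signature algorithms, curves, and versions). The phrase "the applications can re-enable them ... through the [overrides] section" also blurs who acts: the configuration file is described here as system-wide settings, while the API is what an application would call, so the two paths are worth separating in the wording.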
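
Review bot: The five "Added." lines in the second hunk (gnutls_ecc_curve_set_enabled through gnutls_protocol_set_enabled) are not tied to the allowlisting entry above, which refers only to "the new API (#1172)". Since these setters change which curves, signatures, digests and protocol versions count as secure or enabled, the NEWS text should say whether they take effect only when allowlisting mode is on or in any mode. A short cross-reference would do, for example naming the five functions in the libgnutls entry or noting the mode requirement next to the list.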