From 5408a61d74d74f5cded1c25e421b1cd9854e715d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 23 May 2019 11:44:12 +0200 Subject: NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos --- NEWS | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 36369bb0ae..a9a0217494 100644 --- a/NEWS +++ b/NEWS @@ -18,7 +18,14 @@ See the end for copying conditions. 512 bit addition) ** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent - hostname/domain crafting via IDNA conversion + hostname/domain crafting via IDNA conversion (#720) + +** libgnutls: During Diffie-Hellman operations in TLS, verify that the peer's + public key is on the right subgroup (y^q=1 mod p), when q is available (under + TLS 1.3 and under earlier versions when RFC7919 parameters are used). + +** libgnutls: Fixed bug preventing the use of gnutls_pubkey_verify_data2() and + gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag (#754) ** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow clients to communicate with the server advertising smaller limits than 512 @@ -26,6 +33,12 @@ See the end for copying conditions. ** API and ABI modifications: gnutls_prf_early: Added gnutls_record_set_max_recv_size: Added +gnutls_dh_params_import_raw3: Added +gnutls_ffdhe_2048_group_q: Added +gnutls_ffdhe_3072_group_q: Added +gnutls_ffdhe_4096_group_q: Added +gnutls_ffdhe_6144_group_q: Added +gnutls_ffdhe_8192_group_q: Added * Version 3.6.7 (released 2019-03-27) -- cgit v1.2.1