From 86884b19ddc47b06ceb3b854e6a7757623874fae Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 19 Jun 2017 08:20:47 +0200 Subject: doc update Signed-off-by: Nikos Mavrogiannopoulos --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index b8eb702786..2894f707d9 100644 --- a/NEWS +++ b/NEWS @@ -45,6 +45,10 @@ See the end for copying conditions. gnutls_x509_crt_set_serial(), will fail on input considered to be invalid in RFC5280. +** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. + These curves were rarely used for that purpose and provide no advantage over + x25519. + ** libgnutls: SHA1 was removed from the trusted set of hashes. Verification and other operations relying on SHA1 is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. This -- cgit v1.2.1