author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-07-07 19:51:10 +0200
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-07-07 19:51:10 +0200
commit 41bb214bba6500b491dd7b6d99401d37490656c1 (patch)
tree 7bcab3e89c963b653c1b56235b10865f6ecf02fc
parent 3b688838f340fce4eedbf181a147a3537b81693b (diff)
download gnutls-41bb214bba6500b491dd7b6d99401d37490656c1.tar.gz
doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- NEWS 6
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e9392e480f..dd19c97cae 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,12 @@ See the end for copying conditions.
** gnutls-cli: backported the --sni-hostname option. This allows overriding the
hostname advertised to the peer.
+** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen
+ and Adi Shamir reported that the existing counter-measures had certain issues and
+ were insufficient when the attacker could access the cache and perform chosen-
+ plaintext. This affected the legacy CBC ciphersuites when the encrypt-then-MAC
+ TLS feature was not supported by the peer.
+
** API and ABI modifications:
No changes since last version.
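Review bot: the added entry's second sentence ends with "perform chosen-plaintext", which is missing its noun, and the term is split by a hyphen across the line break ("chosen-" / "plaintext"), so a search of NEWS for "chosen-plaintext" will not find it; suggest "mount chosen-plaintext attacks" with the term kept on one line. The phrase "had certain issues" also gives a reader nothing to act on: consider adding a tracking identifier for the report, and stating outright that connections which negotiate encrypt-then-MAC are not affected, so an administrator can judge exposure from the NEWS file alone.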