diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-07 19:51:10 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-07 19:51:10 +0200 |
commit | 41bb214bba6500b491dd7b6d99401d37490656c1 (patch) | |
tree | 7bcab3e89c963b653c1b56235b10865f6ecf02fc | |
parent | 3b688838f340fce4eedbf181a147a3537b81693b (diff) | |
download | gnutls-41bb214bba6500b491dd7b6d99401d37490656c1.tar.gz |
doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -11,6 +11,12 @@ See the end for copying conditions. ** gnutls-cli: backported the --sni-hostname option. This allows overriding the hostname advertised to the peer. +** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen + and Adi Shamir reported that the existing counter-measures had certain issues and + were insufficient when the attacker could access the cache and perform chosen- + plaintext. This affected the legacy CBC ciphersuites when the encrypt-then-MAC + TLS feature was not supported by the peer. + ** API and ABI modifications: No changes since last version. |