doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-06-21 15:52:04 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-06-21 15:52:49 +0200
commit: 1c85149bac617f7fd77df60caf606c6cf21fc1c9 (patch)
tree: 7c319dcc1d6508221db8023aa453f42a3064a510
parent: aab5864959ba638616128a209ef9c53224f05dbe (diff)
download: gnutls-1c85149bac617f7fd77df60caf606c6cf21fc1c9.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 6759c3dc24..a1f9350962 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,14 @@ See the end for copying conditions.
 ** libgnutls: Corrected infinite loop when an incorrect PIN was provided
    via pin-value or pin-source.
 
+** Improved counter-measures for TLS CBC record padding, when encrypt-then-MAC
+   mode is not used.
+
+** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
+   priority strings. They are not necessary for compatibility or other purpose and
+   provide no advantage over their SHA1 counter-parts, as they all depend on the legacy
+   TLS CBC block mode.
+
 ** API and ABI modifications:
 No changes since last version.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-06-21 15:52:04 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-06-21 15:52:49 +0200
commit	1c85149bac617f7fd77df60caf606c6cf21fc1c9 (patch)
tree	7c319dcc1d6508221db8023aa453f42a3064a510
parent	aab5864959ba638616128a209ef9c53224f05dbe (diff)
download	gnutls-1c85149bac617f7fd77df60caf606c6cf21fc1c9.tar.gz