diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-11-30 08:49:50 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-11-30 08:49:50 +0100 |
| commit | 51be76ac45bebd34ccf00f0c7b8c694ca5b2264d (patch) | |
| tree | 404aea454317d0247091b6ac0eab7c16ed04957f | |
| parent | 412da20c61705a5743b269ac8983dd426232e634 (diff) | |
| download | gnutls-51be76ac45bebd34ccf00f0c7b8c694ca5b2264d.tar.gz | |
NEWS: updated [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | NEWS | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -10,6 +10,17 @@ See the end for copying conditions. ** libgnutls: Provide the option of transparent re-handshake/reauthentication when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init(). +** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) + +** libgnutls: The priority functions will ignore and not enable TLS1.3 if + requested with legacy TLS versions enabled but not TLS1.2. That is because + if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) + servers which do not support TLS1.3 will negotiate TLS1.2 which will be + rejected by the client as disabled (#621). + +** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword + in the priority string. It is only accepted as legacy option and is ignored. + ** libgnutls: Added support for AES-CFB8 cipher (#357) ** libgnutls: Added support for AES-CMAC MAC (#351) @@ -18,26 +29,15 @@ See the end for copying conditions. have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D S-BOXes). They are fixed now. -** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword - in the priority string. It is only accepted as legacy option and is ignored. - -** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) - ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private keys parsing, as specified in R 50.1.112-2016. -** libgnutls: The priority functions will ignore and not enable TLS1.3 if - requested with legacy TLS versions enabled but not TLS1.2. That is because - if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) - servers which do not support TLS1.3 will negotiate TLS1.2 which will be - rejected by the client as disabled (#621). +** gnutls-serv: It applies the default settings when no --priority option is given, + using gnutls_set_default_priority(). ** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin option (#561) -** gnutls-serv: It applies the default settings when no --priority option is given, - using gnutls_set_default_priority(). - ** certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR. |