NEWS: add news entry, describing TLS 1.3 vs GOST issues

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 2019-11-27 15:48:57 +0300
committer: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 2019-12-18 23:43:27 +0300
commit: 8adfea4731f98e087878dcacd0d6537dafeee4a5 (patch)
tree: 019b20c7393d57351357f9bffbe4512048c34a6f
parent: 4ecbe4a158403bcb46a1f5872eaa397d51ad8f7c (diff)
download: gnutls-8adfea4731f98e087878dcacd0d6537dafeee4a5.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 85398a7f69..05833c83ef 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,14 @@ See the end for copying conditions.
 ** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
    with gnutls_ocsp_req_t but const.
 
+** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
+   draft-smyshlyaev-tls12-gost-suites-06).
+   By default this ciphersuite is disabled. One has to add following items to priority strings:
+   +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001.
+   Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is
+   enabled both on a server and a client. It is recommended for now to disable
+   TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers.
+
 ** API and ABI modifications:
 gnutls_ocsp_req_const_t: Added
author	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>	2019-11-27 15:48:57 +0300
committer	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>	2019-12-18 23:43:27 +0300
commit	8adfea4731f98e087878dcacd0d6537dafeee4a5 (patch)
tree	019b20c7393d57351357f9bffbe4512048c34a6f
parent	4ecbe4a158403bcb46a1f5872eaa397d51ad8f7c (diff)
download	gnutls-8adfea4731f98e087878dcacd0d6537dafeee4a5.tar.gz