author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-07-11 08:02:56 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-02 12:39:05 +0200
commit: d02d10484c31fc4dd438c4de63f79ca7c184cabe (patch)
tree: 1d31f9a40b5a91b461301b75c17a45461e9e91bc
parent: dbe848409912eab2a2647f570e4b25b35c345444 (diff)
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- NEWS 8
1 files changed, 6 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index a18f82c46e..c358856da7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ See the end for copying conditions.
* Version 3.6.0 (unreleased)
+** libgnutls: Added support for RFC7919 group negotiation. That makes the
+ Diffie-Hellman parameters negotiation more robust and less prone to errors
+ due to insecure parameters.
+
** libgnutls: Introduced various sanity checks on certificate import. Refuse
to import certificates which have fractional seconds in Time fields, X.509v1
certificates which have the unique identifiers set, and certificates with illegal
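Review bot: The new RFC7919 entry does not say whether group negotiation is enabled by default or how it interacts with Diffie-Hellman parameters an application already sets, which is what someone upgrading to 3.6.0 needs from a NEWS item; add a sentence covering both. In the same entry, "Diffie-Hellman parameters negotiation" reads better as "Diffie-Hellman parameter negotiation", and "less prone to errors due to insecure parameters" is vague about whose parameters are meant (the server's, the application's, or both).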
@@ -49,8 +53,8 @@ See the end for copying conditions.
in RFC5280.
** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes.
- These curves were rarely used for that purpose and provide no advantage over
- x25519.
+ These curves were rarely used for that purpose, provide no advantage over
+ x25519 and were deprecated by TLS 1.3.
** libgnutls: SHA1 was marked as insecure for certificate signatures. Verification
of certificates signed with SHA1 is now considered insecure and will
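Review bot: In the added line "x25519 and were deprecated by TLS 1.3" the deprecation claim carries no reference, while other entries in this file cite their documents by number (RFC7919, RFC5280); cite the specification or draft that drops SECP192R1 and SECP224R1 so the statement can be checked. The entry also says the curves are no longer enabled "by default" without telling the reader how to re-enable them for peers that still require them, and "x25519" is lower-case next to the upper-case "SECP192R1" and "SECP224R1".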