diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-15 13:11:03 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-15 16:26:59 +0200 |
| commit | 39f0c32e6d3714b62e5320b97ef811025aa588f9 (patch) | |
| tree | ac60ea987fbef2b11c28a7e52db722e246239e01 /NEWS | |
| parent | fa1091c64669df1c0c78cd1bd20aad0745ea7ac4 (diff) | |
| download | gnutls-39f0c32e6d3714b62e5320b97ef811025aa588f9.tar.gz | |
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 21 |
1 files changed, 17 insertions, 4 deletions
@@ -25,12 +25,25 @@ See the end for copying conditions. ** libgnutls: Added support for RSA-PSS key type as well as signatures in certificates, and TLS key exchange. Contributed by Daiki Ueno. RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys, - but not vice-versa. A TLS server which supports both RSA and RSA-PSS keys - will prefer the RSA-PSS key for RSA-PSS signatures to contain risks of - cross-protocol attacks between the algorithms. + but not vice-versa. The feature includes: + * RSA-PSS key generation and key handling (in PKCS#8 form) + * RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech) + * Handling of RSA-PSS subjectPublicKeyInfo parameters, when present + in either the private key or certificate. + * RSA-PSS signing and verification of PKIX certificates + * RSA-PSS signing and verification of TLS 1.2 handshake + * RSA-PSS signing and verification of PKCS#7 structures + * RSA-PSS and RSA key combinations for TLS credentials. That is, when + multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS + TLS signatures, to contain risks of cross-protocol attacks between the algorithms. + * RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa) ** libgnutls: Added support for Ed25519 signing in certificates and TLS key - exchange following draft-ietf-tls-rfc4492bis-17. + exchange following draft-ietf-tls-rfc4492bis-17. The feature includes: + * Ed25519 key generation and key handling (in PKCS#8 form) + * Ed25519 signing and verification of PKIX certificates + * Ed25519 signing and verification of TLS 1.2 handshake + * Ed25519 signing and verification of PKCS#7 structures ** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. |