diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-11-27 15:48:57 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-18 23:43:27 +0300 |
commit | 8adfea4731f98e087878dcacd0d6537dafeee4a5 (patch) | |
tree | 019b20c7393d57351357f9bffbe4512048c34a6f /NEWS | |
parent | 4ecbe4a158403bcb46a1f5872eaa397d51ad8f7c (diff) | |
download | gnutls-8adfea4731f98e087878dcacd0d6537dafeee4a5.tar.gz |
NEWS: add news entry, describing TLS 1.3 vs GOST issues
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -10,6 +10,14 @@ See the end for copying conditions. ** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible with gnutls_ocsp_req_t but const. +** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by + draft-smyshlyaev-tls12-gost-suites-06). + By default this ciphersuite is disabled. One has to add following items to priority strings: + +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001. + Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is + enabled both on a server and a client. It is recommended for now to disable + TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. + ** API and ABI modifications: gnutls_ocsp_req_const_t: Added |