Merge branch 'gost-priorities' into 'master'

Extend GOST priority settings and documentation

See merge request gnutls/gnutls!1160

1 files changed, 6 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 2b4fd94210..accd32daf9 100644
--- a/NEWS
+++ b/NEWS
@@ -20,8 +20,9 @@ See the end for copying conditions.
 
 ** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
    draft-smyshlyaev-tls12-gost-suites-06).
-   By default this ciphersuite is disabled. One has to add following items to priority strings:
-   +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001.
+   By default this ciphersuite is disabled. One has to enable it by adding
+   +GOST to priority string. It will enable this ciphersuite (and other GOST
+   ciphersuites in future).
    Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is
    enabled both on a server and a client. It is recommended for now to disable
    TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers.
@@ -47,6 +48,9 @@ See the end for copying conditions.
 ** certtool: The add_extension template option is considered even when generating
    a certificate from a certificate request.
 
+** libgnutls: added priority shortcuts for different GOST categories like
+   CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
+
 ** API and ABI modifications:
 GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added
 gnutls_ocsp_req_const_t: Added